Stopping FIN7: Endgame's Full Stack Protection Against Fileless Attacks
Financially motivated cyber attacks occur on a daily basis, sometimes via ransomware but often through direct and aggressive targeting of organizations both in and out of the financial sector. Attackers...
New Open Source Repositories for Data Scientists in Infosec
Over the past few years, we have published numerous posts on the benefits and challenges of machine learning in infosec in an effort to help fellow practitioners and customers separate hype from the...
Bot Talk Pretty One Day
Conversational interfaces have improved customer interactions across a wide range of industries and use cases, providing interactive and intuitive experiences. That experience, however, is diminished...
Milliseconds Matter: Prevention Architecture and Cloud Considerations
The rise of ransomware and other destructive attacks in the last year demonstrates that prevention is critical to stopping damage and loss in your enterprise. Attacks come in many shapes and sizes,...
Data Visualization for Machine Learning
Building a machine learning model for a data product is a difficult task involving many steps from data collection and management all the way to integration and presentation of results. One of the most...
Kicking off the Endgame Threat Hunting Workshop Series
Last night, we kicked off our first Threat Hunting Workshop Series in the Endgame Arlington office. Guided by Endgame and Capital One practitioners, hunters and incident responders from the government...
Transparency in Third-Party Testing
Before making a major purchase, chances are you shop around, compare products with a critical eye, and rely heavily on the experiences and opinions of people you trust to inform your buying decision....
Beyond the Math: Effective Machine Learning in Security
In an attempt to appeal to information security executives and practitioners, some vendors have positioned Machine Learning (ML) – often liberally decorated as “Artificial Intelligence” (AI) – as a...
The Escalation of Destructive Attacks: Putting Dragonfly in Context
Today, Symantec released another report on Dragonfly, a cyber-espionage group targeting the energy sector in the United States, as well as Turkey and Switzerland. As the report thoroughly details, the...
Corvil and Endgame: Safeguarding the World's Algorithms
To obtain a competitive advantage, businesses across nearly every sector are increasingly turning towards algorithms to unlock and act on signals hidden in mounds of data. Today, algorithms frequently...
Bots, Trolls, and Warriors: The Modern Adversary Playbook
Last night, The Washington Post published an article on Russia’s use of Facebook for micro-targeting. According to the article, last summer Facebook’s cyber experts found evidence of APT 28 setting up...
Practical Tips for Becoming Cyber Savvy
Following the Equifax breach in early September, in which 143 million records were stolen, The New York Times updated their interactive tool for individuals to comprehend how much of their data has...
Hunting for In-Memory .NET Attacks
In past blog posts, we shared our approach to hunting for traditional in-memory attacks along with in-depth analysis of many injection techniques. As a follow-up to my DerbyCon presentation, this post...
A Cozy Community of Data Scientists in Information Security
Every scientist needs a home. Like most PhD research topics, mine was “special”. It was unique enough to straddle a few research communities, but fit snugly into none. Because conferences often...
The Bug or Feature Debate is Back Yet Again: DDEAUTO Root Cause Analysis
Over the last few years, macro-based document attacks have been growing in popularity. With the rising cost of memory corruption based exploitation due to the required level of expertise and...
A Modern Model for Cyber Adversarial Behavior
Organizations worldwide are facing an onslaught of targeted attacks, or attacks that are uniquely designed and executed against a specific enterprise or government entity. These attacks are 100%...
BadRabbit Technical Analysis
On October 12th, Ukraine’s SBU security service warned of an imminent attack against government and private institutions similar to the NotPetya attack in June. Two months earlier, the SBU made a...
Multidisciplinary Innovation for Better Defenses
Five years ago, the Strata Conference hosted a panel debating the value of domain expertise versus machine learning skills in data science. The machine learning side won. This debate continues today,...
Falling into the TRAP: How the Endgame Platform Stops BadRabbit
BadRabbit is the latest auto-propagating ransomware making the rounds and disrupting organizations. We previously went deep into the technical details. This post will describe our testing of...
Increasing Retention Capacity: Research from the Field
Security professionals from academia and industry gather this week in Dayton, OH for the annual National Initiative for Cybersecurity Education (NICE) Conference and Expo. NICE is a program of the...