Blog
Building Targets with CRITs

In a previous post (located here) we chatted about CRITs and using targets. While this was in relation to phishing, it doesn’t need to be. The Targets collection is really flexible, although I’ll freely admit you’ll need to massage it slightly. The original direction in CRITs development was to view a target as an individual…

CRITs – The Fulcrum for the Lever of Intel

As a services company, it’s probably no surprise that we help people.  When companies need a hand or need to add in a capability that they previously didn’t have, we get a chance to get involved in some exciting situations.  Sometimes exciting bad, like when an incident occurs, but just as often exciting good, when…

Phishing with CRITs

CRITs was introduced a bit earlier as a threat intelligence platform (TIP) worth your time to review, if not employ in your enterprise.  Let me show a quick example why. Raise your hands – who has to deal with phishing? Okay.  I couldn’t see who raised their hands, but given its ubiquity within everyone’s enterprise,…

Making CRITical Introductions

CRITical introduction – a play on words, to be sure. Collaborative Research in Threats, or CRITs for short, is a threat intelligence platform (TIP). It’s the repository where you store threat data and those sometimes fragile connections that you make to link everything together. Don’t just take my word for it – here’s a fragment of the introduction straight from their…

Negative space and filling gaps in YARA

Using negative space and inverse matching is a lesser-seen but excellent technique to type and classify files. Here the point is not to look for what is there, but to look for what isn’t there — when it should be. Besides an excellent presentation technique it’s also a method borrowed from threat intelligence (TI). One…

A Short Wcry/Wannacry Update

I previously wrote a short note on wannacry and indicated that I thought Patient Zero (those initial infections) were done via phishing and email. I still very much believe that, though I’ll admit I don’t have the necessary smoking gun to display as evidence. I received a fair amount of cynical responses to this declaration,…

Slicing Logic across Rules with YARA

Continuing our series on YARA, in part 3 (see here for Part 2 and Part 1) let’s spend some time diversifying logic across multiple rules. It is fast and easy to put together a monolithic rule but that approach suffers when it comes time to extend, expand or combine the rule. Slicing logic across multiple…

Samba Exploits on the Heels of SMB

If you’ve got the time (and I hope you do) take a second to review this advisory from Samba: https://www.samba.org/samba/security/CVE-2017-7494.html. It affects all versions of Samba from 3.5.0 onwards and patches a remote code execution vulnerability – one that can be triggered with a single line of code as long as a few simple…

Distributing Logic with YARA Rules

In Part I of the series, Building Blocks of Success with YARA, we introduced YARA and some of its capabilities. That introduction ended with a very short discussion on the distribution of logic across multiple rules and the use of constraints to ensure accuracy. Let’s expand on that. While in many cases it’s appropriate to…

Phishing. If it started with an “F” you’d love it

Phishing. If it started with an ‘F’, you’d love it. Phishing, as they say, happens. Teaching people how to recognize phishing and avoid it is an entire industry. Anyway, the same goes for understanding how to pull information from the phishing you receive so you can build intelligence. Instead of telling you about it, though,…
