Don't second guess. Go with experience.




Petya 2017: Are we looking at ransomware or cyber attack?

By Monty St. John & Chris Rogers The attack began small, but rapidly got everyone’s attention.  It didn’t take long in the first hours of Tuesday’s attack for it to become pretty clear that Ukraine was the epicenter of the strike.  In fact, more than half of the reports of new “Petya” malware were located…

Read More

Wannacry – Can We Really Call It a New Thing?

  Plenty out there spoken about Wanna Cry, including on this blog (post and post). At its heart, it’s less ransomware than a worm exploiting a Windows OS vulnerability that looks to the network to infect even more computers. In fact, it was overwhelmingly successful, much more so as a worm than anything remotely as…

Read More

Building Targets with CRITs

In a previous post (located here) we chatted about CRITs and using targets.  While this was in relation to phishing, it doesn’t need to be.  The Targets collection is really flexible, although I’ll freely admit you’ll need to massage it slightly.  The original direction in CRITs development was to view a target an an individual…

Read More

CRITs – The Fulcrum for the Lever of Intel

As a services company, it’s probably no surprise that we help people.  When companies need a hand or need to add in a capability that they previously didn’t have, we get a chance to get involved in some exciting situations.  Sometimes exciting bad, like when an incident occurs, but just as often exciting good, when…

Read More

Phishing with CRITs

CRITs was introduced a bit earlier as a threat intelligence platform (TIP) worth your time to review, if not employ in your enterprise.  Let me show a quick example why. Raise your hands – who has to deal with phishing? Okay.  I couldn’t see who raised their hands, but given its ubiquity within everyone’s enterprise,…

Read More

Making CRITical Introductions

CRITical introduction–A play on words, to be sure.  Collaborative Research in Threats, or CRITs for short, is a threat intelligence platform (TIP).  It’s the repository where you store threat data and those sometimes fragile connections that you make to link everything together.  Don’t just take my word for it–here’s a fragment of  the introduction straight from their…

Read More

Negative space and filling gaps in YARA

Using negative space and inverse matching is a lesser-seen but excellent technique to type and classify files. Here the point is not to look for what is there, but to look for what isn’t there — when it should be. Besides an excellent presentation technique it’s also a method borrowed from threat intelligence (TI). One…

Read More

A Short Wcry/Wannacry Update

I previously wrote a short note on wannacry and indicated that I thought Patient Zero (those initial infections) were done via phishing and email. I still very much believe that, though I’ll admit I don’t have the necessary smoking gun to display as evidence. I received a fair amount of cynical responses to this declaration,…

Read More

Slicing Logic across Rules with YARA

Continuing our series on YARA, in part 3 (see here for Part 2 and Part 1) let’s spend some time diversifying logic across multiple rules. It is fast and easy to put together a monolithic rule but that approach suffers when it comes time to extend, expand or combine the rule. Slicing logic across multiple…

Read More

Samba Exploits on the Heels of SMB

If you’ve got the time (and I hope you do) take a second to review this advisory from Samba: It affects all versions of Samba from 3.5.0 onwards and patches a vulnerability to remote code execution – one that can be executed with a single line of code as long as a few simple…

Read More

Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.