One of the attacks we have seen grow is Remote Desktop brute forcing, MITRE ATT&CK technique T1076 (https://attack.mitre.org/wiki/Technique/T1076), especially against laptops that connect directly to the internet when away from the office. We know what you are thinking: people still connect without a network firewall? Yes.
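As an added example (not code from the original post), here is the check a blue teamer would want next to that statement: a small Python detector that runs over constructed Windows Security 4625/4624 logon events, flags any source address that fails five RDP logons (logon type 10) inside a five-minute sliding window, distinguishes a password spray from a single-account attack, and surfaces a successful logon from the same source after the burst. The event IDs and logon type values are the real Windows ones; the addresses, accounts and timestamps are constructed sample data.

```python
"""Flag Remote Desktop brute forcing from Windows Security logon events.

Added example with constructed sample data; not telemetry from the original post.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625     # Windows Security event: an account failed to log on
SUCCESS_LOGON = 4624    # Windows Security event: an account was successfully logged on
RDP_LOGON_TYPE = 10     # RemoteInteractive (RDP). With Network Level Authentication
                        # enabled, failed RDP attempts are often recorded as logon
                        # type 3 (Network) instead, so production rules usually
                        # include both and correlate on the source address.

# Constructed sample events: (time, event_id, logon_type, source_ip, target_user).
SAMPLE_EVENTS = [
    ("2019-09-17T02:00:01", 4625, 10, "198.51.100.23", "administrator"),
    ("2019-09-17T02:00:04", 4625, 10, "198.51.100.23", "admin"),
    ("2019-09-17T02:00:09", 4625, 10, "198.51.100.23", "user"),
    ("2019-09-17T02:00:13", 4625, 10, "198.51.100.23", "test"),
    ("2019-09-17T02:00:18", 4625, 10, "198.51.100.23", "guest"),
    ("2019-09-17T02:00:22", 4625, 10, "198.51.100.23", "scan"),
    ("2019-09-17T02:01:40", 4624, 10, "198.51.100.23", "scan"),         # success after the burst
    ("2019-09-17T08:15:00", 4625, 10, "10.0.0.5", "jdoe"),              # a real user mistyping
    ("2019-09-17T08:15:20", 4625, 10, "10.0.0.5", "jdoe"),
    ("2019-09-17T08:15:45", 4624, 10, "10.0.0.5", "jdoe"),
    ("2019-09-17T09:00:00", 4625, 10, "203.0.113.7", "administrator"),  # two failures 3 h apart
    ("2019-09-17T12:00:00", 4625, 10, "203.0.113.7", "administrator"),
    ("2019-09-17T13:00:00", 4625, 3, "203.0.113.7", "administrator"),   # network logon, ignored here
]


def parse_event(row):
    """Turn a sample tuple into a dict with a real datetime."""
    ts, event_id, logon_type, src_ip, user = row
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "logon_type": logon_type, "src_ip": src_ip, "user": user}


def detect_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=5),
                          logon_types=(RDP_LOGON_TYPE,)):
    """Return {src_ip: alert} for sources with >= threshold failed logons of the
    given types inside any sliding window of the given length. Each alert
    records total failures, the accounts attempted (several accounts = spray,
    one account = single target) and the first successful logon from that
    source after the burst, which is the case that needs an immediate response.
    """
    events = sorted((parse_event(r) for r in rows), key=lambda e: e["time"])
    recent = defaultdict(deque)      # src_ip -> failure timestamps inside the window
    failures = defaultdict(int)      # src_ip -> total failures seen
    targets = defaultdict(set)       # src_ip -> accounts attempted
    alerts = {}

    for e in events:
        if e["logon_type"] not in logon_types:
            continue
        ip = e["src_ip"]
        if e["event_id"] == FAILED_LOGON:
            failures[ip] += 1
            targets[ip].add(e["user"])
            q = recent[ip]
            q.append(e["time"])
            while q and e["time"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_seen": q[0], "success_after": None}
        elif (e["event_id"] == SUCCESS_LOGON and ip in alerts
              and alerts[ip]["success_after"] is None):
            alerts[ip]["success_after"] = (e["user"], e["time"])

    for ip, alert in alerts.items():
        alert["failures"] = failures[ip]
        alert["accounts"] = sorted(targets[ip])
        alert["pattern"] = "password spray" if len(targets[ip]) > 1 else "single account"
    return alerts


if __name__ == "__main__":
    for ip, a in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {a['failures']} failures against {len(a['accounts'])} accounts "
              f"({a['pattern']}), success after burst: {a['success_after']}")
```

On the sample data only 198.51.100.23 trips the rule (six failures across six accounts, then a successful logon as "scan"); the user who mistyped twice and the source with two failures three hours apart stay quiet. The sliding window rather than a fixed daily count is what keeps the latter two out of the alert queue, which is the noise problem a threshold alone does not solve.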
A few of us at my organization were lucky enough to attend DerbyCon last week. This was my first time at the conference and it was amazing. I was able to meet some fellow infosec community members including @HackingDave as well as attend some great talks. One of the talks we attended was by @subtee and @kwm called "Blue Team Keeping Tempo with Offense". This talk really hit home for me. In our organization, our team has both red teamers and blue teamers who partner to improve our security posture. This was a fundamental aspect of their talk and something we value as a security threat team.
In order to "keep up with offense", Casey and Keith spoke at length about where blue teams tend to break down. This captured my ear as a blue teamer trying to gain an advantage. One of their main discussion points was that we as blue teamers tend to end up with too many alerts, too much noise, and too many false positives. It got me thinking about how we have tackled this problem in our organization, and I thought it would be useful to share our strategy with others.
This final post in our phishing series walks through a real phishing campaign to show what this approach can do: identifying and remediating malicious emails quickly and efficiently.
So we are in a place where we are identifying phishing campaigns and attacks, but how do we help defend the company? Let's start by using the data to remediate phishes and enable controls to stop them from coming in.