<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=694598870919452&amp;ev=PageView&amp;noscript=1">

David Kennedy

David Kennedy

Recent Posts

Aug 22

Announcing Vision 4.0 Platform – Managed EDR Combined with EPP

Introducing Vision 4.0 Platform Managed Endpoint Detection and Response (EDR) with built-in Endpoint Platform Protection (EPP) by Binary Defense.

read more →
Jul 13

The Vision Platform Adds Support for OS X and Linux

Binary Defense is excited to announce additional supported platforms for the managed endpoint detection and response (MDR) software called Vision. When we first released Vision, it was with the mindset of identifying early warning indicators of compromise (IoC) and to provide companies immediate visibility to threats happening real-time. With this release, we gain additional visibility and coverage on multiple platforms including macOS (OS X) and Linux. This release also adds continued enhanced detection capabilities ranging from more generic/commoditized attacks all the way to extremely advanced attack vectors and through the attack lifecycle. We have a newly designed dashboard, which helps with easy analysis of alarms, and rapid response and mitigation with containment mode.

read more →
Jun 27

Petya Ransomware Without The Fluff

When WannaCry hit, the news sent shivers down the world. Reports of hospital outages and super secret tools used by the NSA (Equation Group) that could hack into any version of Windows was released to the public. During this period of time, the community warned of more waves were soon to come. This started yesterday around June 26, 2017 primarily in Ukraine and Binary Defense started to see some of the first large infections of Petya (or some calling it NotPetya) happening at other geographic locations early this morning. On the surface, this appeared to be another EternalBlue/MS17-010 campaign being used on the surface and a new variant. No-one at the time knew exactly how the infection methods were being used, but multiple companies jumped the gun and reports claimed multiple avenues including HTA attack vectors, email campaigns with attached word and excel documents.

read more →
Jun 14

Binary Defense's Vision Platform 3.1 Released

We are proud to announce the latest release of Vision version 3.1. This release adds substantial enhancements both on the server platform and the Vision agent. This includes new app whitelisting bypass detections (regasm, regsvsc, and more), System.Management.Automation.dll PowerShell bypass techniques, and improved process injection detection. In addition, the agent has been slimmed down both size wise as well as impact and performance to the system. Currently Vision takes 0.01 CPU usage and 32 megabytes of RAM. A newly designed dashboard user-interface allows simplistic ease of information and quick access to relevant information about the latest indicators.

read more →
May 16

New Video Explaining Binary Defense's Vision Platform

When it comes to what we’re doing here at Binary Defense, our greatest strength is our team and being an extension of the security team. With Binary Defense's Vision Platform, the ability to get insight into what's happening from an attacker’s perspective becomes simple. Our goal with Vision is to provide our attack intelligence and the visibility you need - from day one. Combined with our managed services, having a true extension of a security team becomes possible and maintainable.

read more →
May 12

WannaCry: Mass Ransomware Worm Capabilities Campaign - What to do.

UPDATE 5/18/2017 10:40AM ET: A new tool was released from Adrien Guinet that can decrypt WannaCry impacted systems. This only works on Windows XP due to using proper cryptography libraries. In Windows XP, it's possible to search the wcry.exe memory and does not erase the prime numbers used to generate the key. Link here to download.

read more →
May 02

PowerShell Injection with Fileless Payload Persistence and Bypass Techniques

PowerShell continues to be the tool of choice for defenders, IT administrators, and hackers. The extensibility, support, and ability to have a full-fledged programming language at your fingertips provides a whole new level of Microsoft’s operating system that was drastically missing in the past. We are huge advocates of PowerShell at Binary Defense, and it is our number one go to when it comes to performing everything from simplified administration, all the way to automation testing and complex programs. In addition, for legitimate use for defense and administration, many tools such as PowerShell Empire, PowerSploit, and more are used by the security research industry as well as hackers.

read more →
Apr 25

Binary Defense’s Vision Platform v3 Released – Welcome to Containment

When we started with Binary Defense’s Vision platform years ago, we knew it would be a long road and something to where we would continuously get better over time. Our motto is to always do things the right way, and build in the knowledge of attack intelligence through the industry to help the industry get better in defense.

read more →
Oct 12

Reliably Detecting Pass the Hash Through Event Log Analysis

At BDS we have the unique ability to pull large subsets of data in order to identify abnormal patterns in environments. With Binary Defense Vision, the endpoint is one of the easiest ways for us to identify compromises within an organization and we continue to add better detection capabilities every day. One of the many features we have within Vision is the ability to detect Pass the Hash (PtH) through multiple methods. I recently presented one of the methods we use for Pass the Hash detection at this year’s GrrCon. The point of this detection is not to focus on a tool, but rather the behavior of a specific indicator within a network and patterns that are abnormal.

read more →
Jun 16

Distributed HoneyNets and Understanding Attack Emulation with BDS Vision

One of the cool things developing a product is designing defensive software that detects what you do as an attacker. Growing up through the offensive mindset gave me a unique perspective on what I need to do to gain access to systems. The concept of honeypots is nothing new and has been around for ages. One of the tools I designed initially was Artillery which has had wide-scale deployment success in networks for early indicators of compromise. BDS Vision is a distributed endpoint and server software agent that has been designed from the ground up on the attacker mindset and looking at all of the patterns that we would commonly use for exploitation.

read more →