Nov 15

Threat Intelligence: Bitcoin Giveaway Scam Targets Google

Google's Twitter account for its G Suite cloud subsidiary, which has more than 800,000 followers, is the most recent target of a growing Bitcoin scam. Many users have been asking Twitter to intervene because of the increasing success of these attacks and the growing ability of attackers to compromise verified Twitter accounts. Once they have access, the attackers tweet out a fake 10,000 Bitcoin giveaway, which the post puts at around $62,000.

Jul 10

Social Engineering Attacks and Mitigations Part IV: Tailgating

Social engineering attacks can be physical or digital. One type of physical attack is tailgating, and it has nothing to do with cars. Tailgating, in the social engineering sense, is when a person gains unauthorized entry to a facility by slipping in behind someone who is authorized, or by using tricks and tactics to fool the company's employees into letting them in.

Jun 22

Social Engineering Attacks and Mitigations Part II: Shoulder Surfing

Shoulder surfing is something most people do every day in one way or another, and most of the time without any intention of stealing information. The same practice can be used for malicious purposes, however, so it is important to prevent unwanted parties from viewing confidential information or trade secrets displayed on your screen.

Dec 11

1.4 Billion Credentials Found on Dark-Net

Researchers have found a 41 GB data file containing 1.4 billion user credentials in plain text.

Oct 12

Bridging the Cyber Security Culture Clash

Why DerbyCon is So Good for the Security Community

I had a chance to go to DerbyCon for the first time this year. I was amazed at how great it was, and a lot of fun of course, but there was more to it than that. I've been to many regional conferences, as well as Def Con, Black Hat, RSA and even Gartner security conferences, but DerbyCon was altogether different; it felt like there was a greater benefit that I couldn't quite put my finger on.

May 12

WannaCry: Mass Ransomware Worm Capabilities Campaign - What to do.

UPDATE 5/18/2017 10:40AM ET: Adrien Guinet has released a tool that can decrypt systems hit by WannaCry. It only works on Windows XP, and only because of a weakness in that version's cryptography library: the Windows XP CryptoAPI does not erase the prime numbers used to generate the RSA key from memory, so the tool searches the memory of the wcry.exe process for those primes and rebuilds the private key. This requires that the machine has not been rebooted, and that the memory has not been overwritten, since infection.
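The idea behind that recovery, as an added example that is not Guinet's tool or any code from the original post: if the primes that built an RSA key are still sitting in process memory, a scan for any window of bytes that divides the public modulus recovers one prime, and the private exponent follows from it. To run instantly it uses two 32-bit primes and a constructed memory image (the string constants and layout are made up); the real tool performs the same scan over the live wcry.exe process for the far larger primes of the victim's key.

```python
"""Recover an RSA private key from a memory image that still holds the key's
prime factors.  Added example, not Adrien Guinet's tool: 32-bit primes and a
constructed memory image so it runs instantly; the real case scans the live
wcry.exe process for the much larger primes of the victim's RSA key."""

# Constructed: the public key (N, E) the malware leaves on disk.
P_DEMO = 4294967291          # 2**32 - 5, prime (only used to build the sample)
Q_DEMO = 4294967279          # 2**32 - 17, prime
N = P_DEMO * Q_DEMO
E = 65537
PRIME_BYTES = 4              # a real RSA-2048 key has 128-byte primes

# Constructed memory image: header bytes, one prime, padding, the other prime, a string.
MEMORY_IMAGE = (b"MZ\x90\x00" + b"\x00" * 8
                + P_DEMO.to_bytes(PRIME_BYTES, "little")
                + b"\xff" * 6
                + Q_DEMO.to_bytes(PRIME_BYTES, "little")
                + b"WNcry@2ol7\x00")


def find_prime_factor(mem, n, prime_bytes):
    """Slide a window over the image and return (p, offset) for the first
    little-endian integer that is a non-trivial divisor of n.  Only the two
    real primes divide a semiprime, so a hit is unambiguous."""
    for off in range(len(mem) - prime_bytes + 1):
        cand = int.from_bytes(mem[off:off + prime_bytes], "little")
        if 1 < cand < n and n % cand == 0:
            return cand, off
    return None


def rebuild_private_key(n, e, p):
    """Given one prime, derive the other and the private exponent d."""
    q = n // p
    assert p * q == n
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # modular inverse (Python 3.8+)
    return p, q, d


def recover_private_key(mem, n, e, prime_bytes):
    """End-to-end: scan for a prime, then rebuild the key; None if the primes
    are gone (process exited, memory reused, or the machine was rebooted)."""
    hit = find_prime_factor(mem, n, prime_bytes)
    if hit is None:
        return None
    return rebuild_private_key(n, e, hit[0])


if __name__ == "__main__":
    p, q, d = recover_private_key(MEMORY_IMAGE, N, E, PRIME_BYTES)
    msg = 123456789
    assert pow(pow(msg, E, N), d, N) == msg
    print("recovered p=%d q=%d; private exponent decrypts correctly" % (p, q))
```

The scan is deliberately dumb: no primality test, just a divisibility check against the known modulus, which is why it costs nothing to try at every byte offset. It also shows why a reboot kills the approach: the only copy of the primes is the one the malware's process left behind.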

Oct 12

Reliably Detecting Pass the Hash Through Event Log Analysis

At BDS we have the ability to pull large data sets from the environments we monitor in order to identify abnormal patterns. With our BDS Vision product, the endpoint is one of the easiest places for us to identify compromises within an organization, and we continue to add better detection capabilities every day. One of the many features in Vision is the ability to detect Pass the Hash (PtH) through multiple methods. I recently presented one of the methods we use for Pass the Hash detection at this year's GrrCon. The point of this detection is not to focus on a tool, but on the behavior of a specific indicator within a network and on patterns that are abnormal.
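An added example of that kind of indicator-based detection, written here for this page and not the logic used in BDS Vision: it runs over constructed, simplified renderings of Windows Security event 4624 and flags the two fingerprints most commonly cited for PtH, an NTLM network logon (type 3, NtLmSsp) with a zero key length for a real user account, and a type 9 "NewCredentials" logon through seclogo on the host where the hash was injected. The field names and the `|`-separated layout are assumptions made for the sample; real events would come from the Security log or a SIEM.

```python
"""Flag 4624 logon events that carry the fingerprints commonly associated with
Pass-the-Hash.  Added example for this post, not the detection logic in BDS
Vision.  The sample events are constructed, simplified renderings of fields
from real Security log 4624 events."""
from collections import defaultdict

# Constructed sample: one event per line, fields separated by "|".
SAMPLE_EVENTS = r"""
EventID=4624|Computer=FS01|LogonType=3|LogonProcess=NtLmSsp|AuthPkg=NTLM|KeyLength=128|Account=CORP\alice|SourceIP=10.0.1.20
EventID=4624|Computer=FS01|LogonType=3|LogonProcess=NtLmSsp|AuthPkg=NTLM|KeyLength=0|Account=CORP\svc_backup|SourceIP=10.0.1.99
EventID=4624|Computer=DC01|LogonType=3|LogonProcess=NtLmSsp|AuthPkg=NTLM|KeyLength=0|Account=CORP\svc_backup|SourceIP=10.0.1.99
EventID=4624|Computer=FS01|LogonType=3|LogonProcess=NtLmSsp|AuthPkg=NTLM|KeyLength=0|Account=NT AUTHORITY\ANONYMOUS LOGON|SourceIP=10.0.1.30
EventID=4624|Computer=FS01|LogonType=3|LogonProcess=Kerberos|AuthPkg=Kerberos|KeyLength=0|Account=CORP\WS07$|SourceIP=10.0.1.7
EventID=4624|Computer=WS07|LogonType=9|LogonProcess=seclogo|AuthPkg=Negotiate|KeyLength=0|Account=CORP\bob|SourceIP=127.0.0.1
EventID=4624|Computer=WS07|LogonType=2|LogonProcess=User32|AuthPkg=Negotiate|KeyLength=0|Account=CORP\bob|SourceIP=127.0.0.1
"""


def parse_events(text):
    """Turn the key=value lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        events.append(dict(kv.split("=", 1) for kv in line.split("|")))
    return events


def is_pth_target_indicator(ev):
    """Network logon via NTLM/NtLmSsp with KeyLength 0 for a real user.
    Ordinary NTLM logons from Windows clients carry KeyLength 128; anonymous
    and machine accounts are excluded because they are noise, not PtH."""
    account = ev["Account"]
    return (ev["EventID"] == "4624" and ev["LogonType"] == "3"
            and ev["AuthPkg"] == "NTLM" and ev["LogonProcess"] == "NtLmSsp"
            and ev["KeyLength"] == "0"
            and not account.upper().endswith("ANONYMOUS LOGON")
            and not account.endswith("$"))


def is_pth_source_indicator(ev):
    """Type 9 (NewCredentials) logon through seclogo: what a hash injected
    into a new logon session looks like on the attacker's foothold host."""
    return (ev["EventID"] == "4624" and ev["LogonType"] == "9"
            and ev["LogonProcess"] == "seclogo" and ev["AuthPkg"] == "Negotiate")


def detect_pth(text):
    """Return (alerts, lateral): individual hits, plus accounts whose
    PtH-style logons fan out across more than one target host."""
    alerts = []
    fan_out = defaultdict(set)
    for ev in parse_events(text):
        if is_pth_target_indicator(ev):
            alerts.append(("target", ev["Computer"], ev["Account"], ev["SourceIP"]))
            fan_out[ev["Account"]].add(ev["Computer"])
        elif is_pth_source_indicator(ev):
            alerts.append(("source", ev["Computer"], ev["Account"], ev["SourceIP"]))
    lateral = {acct: sorted(hosts) for acct, hosts in fan_out.items() if len(hosts) > 1}
    return alerts, lateral


if __name__ == "__main__":
    hits, lateral = detect_pth(SAMPLE_EVENTS)
    for kind, host, account, src in hits:
        print("%-6s %-5s %-22s from %s" % (kind, host, account, src))
    print("fan-out:", lateral)
```

The single-event rules are the indicator; the fan-out map is the pattern. A zero key length on an NTLM network logon can also come from some legitimate non-Windows or legacy clients, so baseline each source before alerting on the rule alone, and weight the alert much higher when one account starts hitting several hosts from the same source in a short window.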

Jan 21

New Tool Release: GoatRider - OTX, Artillery, and Alexa lookups

During incident response engagements, you may need to look up suspicious activity very quickly. While relying on feeds such as Artillery and OTX is far from bulletproof, these feeds can quickly help identify known C2 servers and malicious IPs or hostnames. The purpose of GoatRider is to make it simple to check multiple sources quickly and determine whether there is anything abnormal in a list of hostnames or IP addresses.

Dec 14

Tool Update: Auto-OSSEC + MSI Builder

Oct 05

Tool Release: Auto-OSSEC - automated OSSEC deployment

We often get customers that prefer to use OSSEC as an endpoint detection and file integrity monitoring (FIM) agent. Regardless of which SIEM is in place, many of them have OSSEC integration; AlienVault in particular can fully integrate with and control OSSEC agents. Whether you run OSSEC with a SIEM, standalone, or some other way, the biggest pain for mass deployment in an organization is provisioning agents automatically. OSSEC works by first installing the OSSEC server, then deploying the agents. Each agent requires a key generated on the server in order to pair with that server and transmit logs.
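The server-to-agent key handoff described here, and automated by the Auto-OSSEC tool in this post and the MSI builder update above, as an added example that is not Auto-OSSEC's code: the server registers an agent, stores a `client.keys` line, and exports it as a base64 blob; the agent decodes and validates that blob before writing its own `client.keys`. It assumes OSSEC's `ID NAME IP KEY` line format with a 64-hex-character key and the base64-of-that-line export string produced by `manage_agents`; the key generation (two MD5 digests of random input, concatenated) is assumed to match the shape of what `manage_agents` produces, and everything is kept in memory rather than written to `/var/ossec/etc/client.keys`.

```python
"""Emulate the OSSEC server/agent key pairing that Auto-OSSEC automates.
Added example for this post, not Auto-OSSEC's code.  Assumes the client.keys
line format "ID NAME IP KEY" (KEY = 64 hex chars) and the base64-of-that-line
export blob used by manage_agents; nothing here touches the real files."""
import base64
import hashlib
import ipaddress
import os
import re

NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
KEY_RE = re.compile(r"[0-9a-f]{64}")


def valid_agent_ip(ip):
    """OSSEC accepts 'any', a single address, or a CIDR block."""
    if ip == "any":
        return True
    try:
        ipaddress.ip_network(ip, strict=False)
        return True
    except ValueError:
        return False


class KeyServer:
    """Server side: what manage_agents does when you add and extract an agent."""

    def __init__(self):
        self.client_keys = []          # in-memory stand-in for client.keys

    def add_agent(self, name, ip):
        if not NAME_RE.fullmatch(name) or not valid_agent_ip(ip):
            raise ValueError("bad agent name or ip")
        if any(line.split()[1] == name for line in self.client_keys):
            raise ValueError("agent name already registered: " + name)
        agent_id = "%03d" % (len(self.client_keys) + 1)
        # Two MD5 digests of random input, concatenated: the 64-hex shape of
        # the keys manage_agents generates (assumed; see lead-in).
        key = (hashlib.md5(os.urandom(32)).hexdigest()
               + hashlib.md5(os.urandom(32)).hexdigest())
        self.client_keys.append("%s %s %s %s" % (agent_id, name, ip, key))
        return agent_id

    def export_key(self, agent_id):
        """Return the base64 blob an admin would paste into the agent."""
        for line in self.client_keys:
            if line.split()[0] == agent_id:
                return base64.b64encode(line.encode()).decode()
        raise KeyError(agent_id)


def import_key(blob):
    """Agent side: decode and validate the blob before trusting it; this is
    the step a provisioning tool must get right, because a bad line here
    silently leaves the agent unpaired."""
    try:
        line = base64.b64decode(blob, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        raise ValueError("not a valid key blob")
    parts = line.split()
    if len(parts) != 4 or not KEY_RE.fullmatch(parts[3]) or not valid_agent_ip(parts[2]):
        raise ValueError("malformed client.keys entry")
    agent_id, name, ip, key = parts
    return {"id": agent_id, "name": name, "ip": ip, "key": key, "line": line}


if __name__ == "__main__":
    server = KeyServer()
    new_id = server.add_agent("web01", "10.0.0.5")
    record = import_key(server.export_key(new_id))
    print("agent %s paired: %s" % (record["id"], record["line"]))
```

The validation on the agent side is the part worth keeping: the blob is authorization data, and a mass-deployment tool that ships it over the network should at least confirm it decodes to a well-formed entry whose IP matches the host before writing it. OSSEC also ships `ossec-authd` and `agent-auth` for automated enrollment; the point of a tool like Auto-OSSEC is to make the same handoff work uniformly across every endpoint you manage.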