Posted on March 08, 2018
Endpoint Protection Requires More than Just Anti-Virus
Binary Defense’s Vision Platform recently detected a new variant of the FedEx invoicing phishing campaign widely used for mass email campaigns. The FedEx campaigns are nothing new and have been around forever. Variants spawn quite frequently, but the techniques are continuously changing. Any time you can prompt users to act on a possible disruption of service (such as FedEx invoices or missing packages), the success rate jumps, and the lure is still effective today.
Since Vision works differently from other malware detection programs, focusing primarily on behavioral analysis to detect suspicious or abnormal patterns, it was successful in identifying this new variant. At the time, most anti-virus product lines were unable to detect this malicious code.
Binary Defense is excited to announce additional supported platforms for the managed endpoint detection and response (MDR) software called Vision. When we first released Vision, it was with the mindset of identifying early warning indicators of compromise (IoC) and providing companies immediate visibility into threats happening in real time. With this release, we gain additional visibility and coverage on multiple platforms, including macOS (OS X) and Linux. This release also adds enhanced detection capabilities ranging from generic, commoditized attacks all the way to extremely advanced attack vectors, across the attack lifecycle. We have a newly designed dashboard, which makes analysis of alarms easier, and containment mode enables rapid response and mitigation.
We are proud to announce the latest release of Vision, version 3.1. This release adds substantial enhancements both on the server platform and in the Vision agent. These include new application whitelisting bypass detections (regasm, regsvcs, and more), detection of System.Management.Automation.dll PowerShell bypass techniques, and improved process injection detection. In addition, the agent has been slimmed down both in size and in its performance impact on the system. Currently Vision takes 0.01 CPU usage and 32 megabytes of RAM. A newly designed dashboard user interface provides simple, quick access to relevant information about the latest indicators.
When it comes to what we’re doing here at Binary Defense, our greatest strength is our team and its role as an extension of your security team. With Binary Defense's Vision Platform, getting insight into what's happening from an attacker’s perspective becomes simple. Our goal with Vision is to provide our attack intelligence and the visibility you need, from day one. Combined with our managed services, having a true extension of a security team becomes possible and maintainable.
PowerShell continues to be the tool of choice for defenders, IT administrators, and hackers. The extensibility, support, and ability to have a full-fledged programming language at your fingertips provide a whole new level of access to Microsoft’s operating system that was drastically missing in the past. We are huge advocates of PowerShell at Binary Defense, and it is our number one go-to for everything from simplified administration all the way to automated testing and complex programs. In addition to its legitimate use for defense and administration, many tools such as PowerShell Empire, PowerSploit, and more are used by the security research industry as well as by hackers.
When we started with Binary Defense’s Vision platform years ago, we knew it would be a long road and something we would continuously improve over time. Our motto is to always do things the right way, and to build in attack intelligence from across the industry to help the industry get better at defense.
Using Office macros to exploit endpoints continues to be a popular method of exploitation. Users are presented with a dialog box, which they must click for the attack to work, and most users will click, especially if the document looks like something they normally work with. This removes the need for attackers to have Office or browser zero-days. It also makes exploitation simpler and cheaper. Additionally, it is typically possible to tune the malicious macro to bypass security controls like anti-virus. There are even toolkits like Luckystrike to ease macro exploit development.
One of the cool things about developing a product is designing defensive software that detects what you do as an attacker. Growing up through the offensive mindset gave me a unique perspective on what I need to do to gain access to systems. The concept of honeypots is nothing new and has been around for ages. One of the tools I designed initially was Artillery, which has had wide-scale deployment success in networks for early indicators of compromise. BDS Vision is a distributed endpoint and server software agent that has been designed from the ground up around the attacker mindset, looking at all of the patterns that we would commonly use for exploitation.
When I left an amazing job as a Chief Security Officer, my goal was to build a team that changed the industry for the better. I started TrustedSec with the mindset of starting Binary Defense and ultimately continuing to build something special. At TrustedSec, we always found that a company would have a number of technologies; however, there would be a large gap in understanding offensive capabilities. As an industry, we provide a service to identify risks and protect our businesses, equipment, technology, and more. Understanding the offense and detecting attackers in the early stages shouldn't be a mystery or an unknown.