Malware Persistence in the Cloud
The cloud is certainly going to change some things about malware infection. When a desktop is reset to clean state every time an employee logs in, you now have to wonder how malicious attackers are...
Cyber Conflict and State Power
There has been a rapid change in the global security paradigm. Cyberspace has fundamentally changed the stability between state and society. New conflict groups are not tied to any one state. There is...
Rootkit Evolution
Over the last few years HBGary has researched significant advancements in rootkit technology. We are pushing the envelope of what’s possible in the Windows kernel. I’m glad to say that we haven’t seen...
Two new threat intelligence papers CSOs will want to read
Industrial Espionage in the Global Energy Market Since 2005, HBGary has been tracking variants of malware created and originated in China that indicate a complex cyber espionage operation targeting...
Is APT really about the person and not the malware?
Maybe the “APT is person not malware” pendulum is swinging to the extreme. Understandably it’s a response to commercial enterprises being obsessed with pure-play malware detection. But what is the...
Stop PDF Exploits Cold
I’m happy to announce that HBGary has released another free tool, similar to the Aurora scanner and the Chinese RAT catcher tools we released in past months. This one isn’t looking for malware,...
A Brief History of Physical Memory Forensics
Lately, we have been doing a lot of work around physical memory forensics. Recently, we released the free, community edition of our Responder™ product and plan to release the fourth generation of our...
Changing APT Tactics: Remote-Access Tools vs. Stolen Credentials
Advanced Persistent Threats (APT) are adaptive; their tactics cycle after an intrusion takes place. For example, an APT group may start to lean away from RATs (remote-access tools) and rely more...
Scripting with Responder™ Community Edition
One of the most powerful features of Responder (all three versions, including the free Community Edition) is the ability to write custom plugins. The entire application is basically a GUI over an API....
Asymmetric Warfare and Cyber Terrorism
In the newly released document, “DoD Strategy for Operating in Cyberspace", the Pentagon states that “while the threat to intellectual property is often less visible than the threat to critical...
Command Line Programming with Responder PRO
One little known feature of HBGary’s Responder product is that it ships with the full source code to a command-line version. This command-line version of the product can be customized for automated...
Shady RAT is Serious Business
Ira Winkler makes some interesting points in his CIO article on Shady RAT. I tend to agree with his observation that security vendors spend too much energy infighting when we all should be facing a...
Inside an APT Covert Communications Channel
Note: I shortened the title of the post from "Inside an APT “Comment Crew” Covert Communications Channel" to "Inside an APT Covert Communications Channel". To be clear, multiple threat groups are using...
Social Terrorism
Social networking does something to people, intoxicating them with near-zero accountability for impulsive behavior protected under a banner of free speech. Fierce defenders of the social media...
APT - The Plain Hard Truth
The survivors from the front line have reported in. We stand on the ridge, a tangled mess of bodies behind us. We are the ones who have chased the demon, descending into the binary pit the users call...
Detecting APT Attackers in Memory with Digital DNA™
HBGary’s Digital DNA™ system is an alternative to traditional signature-based approaches to detecting malicious backdoors. While the “APT is not Malware” mantra is common, APT commonly use malware. To...
The Changing Face Behind the Keyboard
At my recent RSA presentation, I talked about the evolution of cyber threats over the last decade and the slowly shifting goals and intent of the hacking groups behind them. Most of us remember the...
Weaponization of Cyberspace
The weaponization of cyberspace started with the advent of criminal enterprise, and over time has enabled cyber warfare for a mass audience. Some of the best exploitation technology was created for...
On Precision and Big Data
Most true-positive threat detection is rule based. We use our powers of perception and analysis to find patterns in the data. This is effective because threat behavior is highly repetitive. One can’t...
The script kiddie is dead
SQL attacks are pervasive; the result is leakage of credentials. Millions of username/email + password pairs have been stripped out of compromised SQL servers and posted into public spaces. Thus,...
What is Cyber?
As a term, Cyber has a broad spectrum. It has been applied to subjects ranging from low voltage microchips to international law. In the context of security, when does it apply? Consider a situation...
The network perimeter has been turned inside out
The CISO needs to understand that modern cyberspace is turning the perimeter model inside out. Cloud and social applications have accelerated adoption in the Enterprise, but their protocols are...
Silk Road for Zero Day
I had to be amused after hearing about TheRealDeal, a Silk Road for 0-day. First, that there really isn't anything illegal about selling a zero day - but I can understand the concerns about...
Creepy Dystopian Reality mirrors Cyber Fiction
Somewhere downstream from the economic churn of the cyber affluent, layers of humans pry and burn minerals and the occasional component from e-Waste to live on less than $100 USD a month. A man...
Is Cyber Protectionism on the Rise?
Cyber cold war is clearly heating up. Nation economies may start trending inward for IT and cyber support as fears about state-sponsored hacking are on the rise. High-profile technology vendors are...