Category: Threat Intelligence

Key Takeaways Monitoring external libraries (in your production code base) for vulnerabilities is a daunting task, and an enterprise infrastructure is close to unmanageable without the correct tools. Here we introduce an open source prototype system for gathering information about running code, using Recorded Future for determining which components are risky — the system also…

Nothing is hotter than the Nevada desert in August. Except for our booth at Black Hat 2016, that is! Sure, “threat intelligence” is big industry buzzword, but do you really understand how you can use it in your organization to identify indicators of compromise or imminent threats? Are you able to demonstrate the effectiveness of…

Key Takeaways The internet is the single greatest learning resource ever created. Whether you’re looking into specific attack vectors or aiming to learn from others’ mistakes, the web should be your first port of call. Keeping abreast of proprietary information leaks and “adversary chatter” from the open, deep, and dark web will help you to…

In part one of our web shell series we analyzed recent trends, code bases, and explored defensive mitigations. In part two we investigate a new web shell created by Chinese-speaking actors. On March 26, 2016, Recorded Future’s natural language processing (NLP) engine produced an alert for Cknife. Recorded Future alert showing Cknife reference. Background A…

Editor’s Note The following interview is with Stephen Coty and is from our Threat Intelligence Thought Leadership Series. Stephen is the chief security evangelist at Alert Logic. 1. What drives interest in threat intelligence in your community? What hole in your world does it fill? Threat intelligence analysts and their research is the backbone of…

We’re all aware that managing and remediating vulnerabilities is an essential component for effective information security. There is an ongoing need to identify, classify, remediate, and mitigate vulnerabilities that could compromise your network. Effectively assessing the risk from a given vulnerability is critical, as the security impact of remediating a specific vulnerability could be dramatically…

Key Takeaways Compliance doesn’t equal security. Keep your organization’s data safe with a proactive security mindset. Make better cyber security decisions by understanding threat actor TTPs. Help your red team prioritize targets for internal hunting and penetration testing by sharing TTP intelligence. Use TTP intelligence to inform internal security awareness training and user access controls.…

Analysis Summary Open sourcing unauthorized persistence with web shells for over 15 years. Web shells are a favorite Chinese speaking forum topic. Actor laziness leads to code reuse, but not enough to alert on functions or strings. b374k, b374k r3c0d3d, and WSO 2.1 are clear open source favorites (by mention). Static signatures that capture specificity…

Key Takeaways Recorded Future launches a new Intel Card for threat actor groups. Get content-rich, real-time alerts on new threat actor group activity. No more deciphering threat actor group aliases; get consolidated views of associated TTPs and IOCs. Researching and analyzing threat actor groups requires a significant effort in both time and resource. Identifying if…