Recon InfoSec

Endpoint Logging For The Win!

Samuel Kimmons on logging, security, infosec, dfir, defense, secops, forensics | 03 Nov 2020

Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility…

Recon Launches SOC X

Kelley Wilds on infosec, ndr, training, dfir, incident response, secops, security, threat hunting, forensics | 20 Oct 2020

The Recon team is excited to announce the launch of SOC X, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.…

Recon Launches Network Defense Range (NDR) Live Online

Kelley Wilds on blackhat, ndr, threat hunting, training, dfir, forensics, incident response, infosec, secops, security | 06 Oct 2020

The Recon team is thrilled to announce our newest offering, NDR Live Online! NDR Live Online gives organizations the opportunity to develop individual analysts and teams with remotely-delivered, live-fire, scenario-based, experiential training throughout the year.…

Securing Your Velociraptor Deployment

Whitney Champion on aws, cognito, devops, forensics, dfir, identity aware proxy, infosec, incident response, operations, secops, security, threat hunting, velociraptor | 23 Sep 2020

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source! We use it extensively, and we have also embedded it into our NDR Training! If you are unfamiliar: Source:…

Mapping Adversary Emulation Plans

Brian Greunke on automation, defense, MITRE ATT&CK, ndr, threat hunting | 18 Sep 2020

Create a MITRE ATT&CK Navigator Map of an Adversary Emulation Plan…

Integrating Thinkst Canaries with TheHive

Whitney Champion on canaries, thinkst, thehive, automation, cortex, dfir, forensics, incident response, python, secops, infosec, training | 16 Sep 2020

We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens. We also love TheHive, as you probably already know. As we've long touted,…

Recon Provides Range Training for Military Cyber Protection Teams During COVID-19 Lockdown

Eric Capuano on military, cpt, ndr, training, defense, dfir, intel | 29 Apr 2020

Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). The members of this team are working remotely but still need a way to provide cutting-edge training to keep their operators sharp and mission-ready.…

Visualizing Geo IP Information using Python

Brian Greunke on automation, blackhat, python | 17 Apr 2020

A quick guide on visualizing geographical information about IP addresses using Python…

Recon Appears on Detections Podcast

Eric Capuano | 30 Mar 2020

Recon's CTO, Eric Capuano, and Lead Architect, Whitney Champion, were guests on the popular Detections podcast. Listen in to learn more about Recon, our Cybersecurity Partnership offering, OpenSOC Blue Team CTF, as well as our Network Defense Range training. Be sure to subscribe to this fantastic podcast to be better…

Analysis Of Exploitation: CVE-2020-10189

Luke Rusten on CVE-2020-10189, defense, dfir, exploit, forensics, incident response, infosec, intel sharing, malware, secops, vulnerability, zoho, manageengine | 25 Mar 2020

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.…