Recon InfoSec

Recon Provides Range Training for Military Cyber Protection Teams During COVID-19 Lockdown

Eric Capuano on military, cpt, ndr, training, defense, dfir, intel | 29 Apr 2020

Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). The members of this team are working remotely but still need a way to provide cutting-edge training to keep their operators sharp and mission-ready.…

Visualizing Geo IP Information using Python

Brian Greunke on automation, blackhat, python | 17 Apr 2020

A quick guide on visualizing geographical information about IP addresses using Python…

Recon Appears on Detections Podcast

Eric Capuano | 30 Mar 2020

Recon's CTO, Eric Capuano, and Lead Architect, Whitney Champion, were guests on the popular Detections podcast. Listen in to learn more about Recon, our Cybersecurity Partnership offering, OpenSOC Blue Team CTF, as well as our Network Defense Range training. Be sure to subscribe to this fantastic podcast to be better…

Analysis Of Exploitation: CVE-2020-10189

Luke Rusten on CVE-2020-10189, defense, dfir, exploit, forensics, incident response, infosec, intel sharing, malware, secops, vulnerability, zoho, manageengine | 25 Mar 2020

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.…

Automating Detection Coverage Analysis with ATT&CK Navigator

Brian Greunke on automation, continuous integration, defense, graylog, MITRE ATT&CK, dfir, secops, security, threat hunting | 13 Feb 2020

Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and requires a thorough and constant understanding of your own detection capabilities.…

Integrating Graylog With TheHive

Whitney Champion on thehive, graylog, automation, api, python, dfir, devops, secops, cortex, defense, incident response, security | 31 Jan 2020

If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :) We also love TheHive. It makes tracking incidents easy, it's reliable, and it's another well-managed open source project that we support and contribute to. TheHive also integrates with Cortex, which allows us…

Network Defense Range (NDR) Returning to BlackHat 2020

Eric Capuano on ndr, defense, infosec, training, blackhat, threat hunting, incident response | 26 Jan 2020

NDR is a one-of-a-kind training platform that enables SOC analysts, threat hunters, and incident responders to go toe-to-toe with advanced adversaries in a low-stakes/zero-risk environment.…

Graylog and Cylance Protect Integration

Whitney Champion on devops, graylog, operations, secops, cylance, logging, api, security | 23 Dec 2019

TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it. Since we had never integrated with their API before, we were looking at a lot of unknowns. Searching GitHub uncovered a huge win. Lucky for us, someone had already…

Brokering Other Cloud Resources Behind AWS Services

Whitney Champion on aws, cloud, zerotier, identity aware proxy, dfir, security, operations, devops, cognito, secops | 21 Nov 2019

I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup. places like digitalocean and vultr have beefy systems for less SO, we stand up a big system there, and a small proxy in AWS behind an ALB/…

Automating Graylog Pipelines

Whitney Champion on graylog, ansible, devops, python, security, automation, secops, continuous integration, dfir | 18 Jun 2019

Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our pipeline rules in our Graylog environment. Because of this, they are constantly changing, growing, being tuned, and ultimately becoming more effective over time at detecting anomalous activity.…