Detecting Fake CAPTCHA Campaigns: ClickFix, ClearFake, and Etherhide
Our team recently observed a significant uptick in malware campaigns leveraging fake CAPTCHA pages...
Hello again! I'm back with part 2 of Building Robust Detection Capabilities. Last time, we dove...
This post was written by Luke Rusten, our Director of Security Operations, and was originally...
While small businesses power our economy, they face a growing challenge: cybercrime. Unlike larger...
Intro: We advocate and discuss the SigmaHQ repository of detections frequently on Thursday Defensive,...
With decades of combined experience in emergency ransomware response, the Recon IR team has...
Hopefully you have read all about why we are excited to be offering Advanced Email Protection (AEP)...
If you use a computer for work, you use email, it’s a standard in every industry today. Email is...
According to Forbes, there was a 72% increase in cyber breaches from 2021 to 2023. Based on the...
In the pantheon of security systems few things are as under-rated as deception systems. NIST is...
Recently, I had the opportunity to attend the COSSBA (Council of School Supervisors and...
By now it’s old news that the LockBit Ransomware as a Service (RaaS) company has been “disrupted”...
The Recon SOC recently worked an IR case involving the newly emerged Akira Ransomware Group. News...
In our experience working with SMB and enterprise IT teams, it is often unknown just how far and...
End of an Era: Recently the Recon team had to make the tough decision to take a step back from...
We had the absolute pleasure to attend CactusCon11 this year which is easily one of our favorite...
As you have no doubt heard, LastPass has suffered yet another breach which makes at least 3...
Logs are on the systems, so why do I need this? Because Digital Forensics & Incident Response is...
Do you have resources on prem? In the cloud? How about in multiple clouds? How do you access them...
If anyone in your organization handles financial transactions, invoices, or payroll changes over...
Recon InfoSec, an industry-recognized leader in Managed Detection & Response, cybersecurity...
With the ongoing conflict in Ukraine and U.S. sanctions against Russia continuing to build, the...
As many in the industry are now aware, Okta experienced a form of security breach back in January...
At Recon, we are committed to meeting the security demands of the evolving threat landscape and...
In this blog post we cover a widespread phishing campaign Recon recently observed targeting...
This guide will walk you through using CanaryTokens.org to generate a token and how to use that...
The recent Log4j vulnerability (CVE-2021-44228) is unprecedented in its global scope and impact....
In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining...
It’s that time of year again - DEF CON! We were thrilled to run OpenSOC again at DEF CON this year,...
Recon's SOC recently responded to an attempted ransomware and extortion attack. It had all the...
The Recon incident response team recently responded to a case of business email compromise. The...
Whether your cybersecurity detection and response capabilities are in-house or managed through a...
We can't start a recap post without a huge THANK YOU to the community for joining us last week and...
Now that we've normalized and enriched our events, let's get into the actual threat detection logic...
In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog –...
If you are here hoping to learn more about using Graylog for the purpose of monitoring the security...
At Recon InfoSec we have the honor of working with some of the best security operations, incident...
Much has already been said about the recently reported SolarWinds compromise. In this post, we are...
Whether you're on the Defensive or Offensive side of security, it's important to understand how...
The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World...
The Recon team is thrilled to announce our newest offering, NDR Live Online!
Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and...
The Center for Threat-Informed Defense at MITRE recently released their Adversary Emulation Plans...
We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or...
Some of you may remember our last event, Camp COVID. That was the biggest event we had ever run....
Recently, our team was asked to provide training for an operational military Cyber Protection Team...
As part of the #OpenSOC event Recon InfoSec recently conducted, we wanted to visualize where all of...
Let me first say, on behalf of the Recon team, we cannot thank the community enough for joining us...
Hello OpenSOC fam! First and most importantly, we hope that you and yours are healthy and happy in...
The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop...
Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and...
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)
We're thrilled to be accepted back to BlackHat to run our live-fire Network Defense Range (NDR)...
TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did...
I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of...
After DEF CON last year, we posted this blog about our infrastructure, which was spread between a...
We never wrote up a blog post for DC27, but this excerpt from the closing ceremonies covers most of...
Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our...
The Recon incident response team recently worked an intrusion case involving a Confluence web...
In a previous post, we shared our affinity for ZeroTier:
We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come...
Hello, dear friends. The past few days have been extremely hard on the OpenSOC Team. We hope this...
When I joined the OpenSOC team at the beginning of this year, everything resided on 3 Intel Skull...
Huge thanks to @BlueTeamVillage and all of the awesome projects that make up OpenSOC Blue CTF!
To the delight of most Graylog users, geolocation is automatically built into the platform via the...
Shortly after publishing Part 1 of my G Suite DFIR blog series, I gave a talk on the topic at...
EXECUTIVE SUMMARY: US-CERT posted a new Tactical Alert (TA18-106A) based on a combined intelligence...
SUMMARY: A collaboration between multiple security industry and academic researchers led to the...
Over time and for various reasons, I've amassed quite the catalog of cloud-hosted servers. This has...
Often times during incident response activities, the responder is overwhelmed with data. The need...
So it's a random Wednesday night and I'm studying for my GIAC GCFE exam (which I just passed...
Running a Security Operations Center requires fighting a constant battle to increase analyst...
In my experience, one of the most prevalent and common threats to today’s enterprise networks...