Eric Capuano

Eric is the CTO and co-founder of Recon InfoSec. He is also a certified SANS instructor of Digital Forensics and Incident Response, and a former Cyber Warfare Operator in the Texas Air National Guard.
Recent Posts

OpenSOC @ DC27 - Black Badge Edition!

Aug 31, 2019 2:53:00 PM / by Eric Capuano posted in OpenSOC, DEFCON, Events, BlackBadge, BlueTeamVillage

We never wrote up a blog post for DC27, but this excerpt from the closing ceremonies covers most of what we would've written.

Analysis of Exploitation: CVE-2019-3396

May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability

The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.

Locking down ZeroTier peer-to-peer networks

Feb 9, 2019 3:38:00 PM / by Eric Capuano posted in ZeroTier, Defense, DevOps, VPN, Cryptography

In a previous post, we shared our affinity for ZeroTier:

Join us for Network Defense Range Training at Black Hat 2019!

Feb 4, 2019 3:48:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Training, NDR


We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come join us for the Network Defense Range Crucible - Live Adversary Detection and Incident Response during Black Hat 2019 Trainings!

Blue Team Village @ DEF CON 26

Aug 23, 2018 4:00:00 PM / by Eric Capuano posted in OpenSOC, DEFCON, Events, BlueTeamVillage

Huge thanks to @BlueTeamVillage and all of the awesome projects that make up OpenSOC Blue CTF!

Build a Free Private Mesh Network for Secure DevOps

Dec 8, 2017 4:31:00 PM / by Eric Capuano posted in ZeroTier, Defense, DevOps, VPN, Cryptography, Networking

Over time and for various reasons, I've amassed quite the catalog of cloud-hosted servers. This has caused much anxiety in the form of rapidly expanding attack surface which I've met painstakingly with manually managed firewall rules and nginx ACLs... Not anymore!

Auditing G Suite Login Activity

Sep 3, 2017 4:36:00 PM / by Eric Capuano posted in Automation, DFIR, Forensics, Google

Oftentimes during incident response activities, the responder is overwhelmed with data. The need for tools to automate the analysis and enhancement of this data is crucial.

When Browser Extensions Go Rogue

Nov 14, 2016 4:43:00 PM / by Eric Capuano posted in Web, Browser, PUA

So it's a random Wednesday night and I'm studying for my GIAC GCFE exam (which I just passed recently, woohoo!) and I take a quick break to read a news article or two... No shortage of those given recent election events!

Slacking at Security Operations

Oct 24, 2016 4:58:00 PM / by Eric Capuano posted in Automation, Operations, Defense, Intel Sharing, Slack

Running a Security Operations Center requires fighting a constant battle to increase analyst efficiency, speed and accuracy. Fast and effective communication coupled with automation is the only answer. So why not have both in the same platform?

Macro Security for Enterprise Defenders

Oct 20, 2016 5:01:00 PM / by Eric Capuano posted in Defense, Malware, Macro

In my experience, one of the most prevalent and common threats to today’s enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016, malicious macros are still a major problem.
