Recon Launches SOC X

Oct 20, 2020 10:35:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR

The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.

Recon Launches Network Defense Range (NDR) Live Online

Oct 6, 2020 10:40:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR, BlackHat

The Recon team is thrilled to announce our newest offering, NDR Live Online!

Securing Your Velociraptor Deployment

Sep 23, 2020 10:51:00 AM / by Whitney Champion posted in DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, InfoSec, Threat Hunting, DevOps, AWS, Cognito, Identity Aware Proxy

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!

Mapping Adversary Emulation Plans

Sep 18, 2020 11:17:00 AM / by Brian Greunke posted in Automation, Threat Hunting, NDR, Defense, MITRE ATT&CK

The Center for Threat-Informed Defense at MITRE recently released their Adversary Emulation Plans Library on GitHub.

Integrating Thinkst Canaries with TheHive

Sep 16, 2020 11:33:00 AM / by Whitney Champion posted in Automation, DFIR, Incident Response, Forensics, SecOps, Canaries, InfoSec, Thinkst, Training, Python, TheHive, Cortex

We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens.

OpenSOC @ DEF CON 28 Safe Mode

Aug 14, 2020 11:53:00 AM / by Whitney Champion posted in OpenSOC, DEFCON, Events

Some of you may remember our last event, Camp COVID. That was the biggest event we had ever run.

UNTIL LAST WEEK: DEF CON 28

Recon Provides Range Training for Military Cyber Protection Teams During COVID-19 Lockdown

Apr 29, 2020 12:22:00 PM / by Eric Capuano posted in DFIR, Training, NDR, Defense, Military, CPT, Intel

Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). This unit, and many others, are working remotely due to the current global situation but still need a way to provide cutting-edge training to keep their operators sharp and mission-ready. This was a particularly important engagement to the team at Recon as we are a team composed heavily of veterans and current members of Reserve/National Guard components.

Visualizing Geo IP Information using Python

Apr 17, 2020 1:11:00 PM / by Brian Greunke posted in Automation, Python, BlackHat

As part of the #OpenSOC event Recon InfoSec recently conducted, we wanted to visualize where all of our participants were coming from. We had several data points to work from, and there are plenty of open tools available, so it is just a matter of cobbling those items together to create a sweet, sweet map.

Camp COVID - A Recap

Apr 17, 2020 11:40:00 AM / by Whitney Champion posted in OpenSOC, Events, Graylog, Infrastructure

Let me first say, on behalf of the Recon team, we cannot thank the community enough for joining us last week.

OpenSOC: Camp COVID

Mar 30, 2020 1:15:00 PM / by Eric Capuano posted in OpenSOC, Events

Hello OpenSOC fam! First and most importantly, we hope that you and yours are healthy and happy in these unprecedented times.
