Audit Active Directory Attack Paths with Bloodhound

Apr 18, 2023 5:15:25 PM / by Eric Capuano posted in SecOps, Security, Open Source, InfoSec, Defense

In our experience working with SMB and enterprise IT teams, it is often unknown just how far and wide their Active Directory (AD) environment truly extends and how many possible attack paths exist for a would-be threat actor. This is because it is a non-trivial activity to sit down and map these environments out in a way that makes it possible to begin hardening and mitigating attack paths.


Another LastPass Breach and What You Should Know

Dec 23, 2022 2:36:11 PM / by Eric Capuano posted in Security, InfoSec, Defense, Cryptography, LastPass

As you have no doubt heard, LastPass has suffered yet another breach which makes at least 3 separate incidents this year alone. The latest incident appears to be a follow-up to the previous intrusion from back in August. Rather than recap the details of the breaches, this post will focus strictly on "how does this affect me/my organization" and "is LastPass still safe to use?"


Every Organization Needs Centralized Logging

Oct 18, 2022 6:03:30 PM / by Eric Capuano posted in DFIR, Incident Response, Open Source, Defense, Monitoring, Graylog, Logging, Compliance

Logs are on the systems, why do I need this?

Because Digital Forensics & Incident Response is expensive -- likely the highest billable rate among most IT/security practices.

Why? Because it is highly skilled, meticulous and time-consuming work, and my team has done its fair share of it. Most often, the bulk of the time is spent collecting often-volatile evidence from countless systems in the hope that enough of the attacker activity is still traceable. The best evidence sources are often the ones least available at the time of the investigation -- logs. Why? Because they roll over, get deleted, etc.

If I walked into an organization that had centralized logging, I could probably cut the IR effort in half because a huge amount of the data I need is there ready to be queried. This allows me to perform deeper forensic analysis only on systems that exhibited noteworthy activity.

Recon InfoSec Receives SOC 2 Type II Certification

Mar 9, 2022 9:24:51 AM / by Eric Capuano posted in InfoSec, Defense, Compliance

At Recon, we are committed to meeting the security demands of the evolving threat landscape and exceeding the expectations of our customers. We follow best practices, up to and including closely following Google's BeyondCorp approach to "Zero Trust" for our entire infrastructure. Our security philosophy is, "we must always be the most secure part of any organization that we may ever work with." This has enabled us to be a strong, trusted advisor and service provider to our customers and channel partners.


SOC X 2021 - A Recap

Mar 8, 2021 2:08:00 PM / by Kelley Wilds posted in SOC X, Security, SOC, InfoSec, OpenSOC, Events, NDR, Defense

We can't start a recap post without a huge THANK YOU to the community for joining us last week and making SOC X such a success!


Endpoint Logging For The Win!

Nov 3, 2020 10:32:00 AM / by Samuel Kimmons posted in DFIR, Forensics, SecOps, Security, InfoSec, Defense, Logging

Whether you're on the defensive or offensive side of security, it's important to understand how common attack tools look in an environment. For someone defending a network, proper logging helps prevent visibility gaps. You could have the best perimeter detections available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.


Mapping Adversary Emulation Plans

Sep 18, 2020 11:17:00 AM / by Brian Greunke posted in Automation, Threat Hunting, NDR, Defense, MITRE ATT&CK

The Center for Threat-Informed Defense at MITRE recently released their Adversary Emulation Plans Library on GitHub.


Recon Provides Range Training for Military Cyber Protection Teams During COVID-19 Lockdown

Apr 29, 2020 12:22:00 PM / by Eric Capuano posted in DFIR, Training, NDR, Defense, Military, CPT, Intel

Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). This unit, like many others, is working remotely due to the current global situation but still needs a way to receive cutting-edge training to keep its operators sharp and mission-ready. This was a particularly important engagement for the team at Recon, as we are composed heavily of veterans and current members of Reserve/National Guard components.


Analysis Of Exploitation: CVE-2020-10189

Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.


Automating Detection Coverage Analysis with ATT&CK Navigator

Feb 13, 2020 1:52:00 PM / by Brian Greunke posted in Automation, DFIR, SecOps, Security, Threat Hunting, Defense, Graylog, Continuous Integration, MITRE ATT&CK

Staying on top of the latest adversarial methodologies means quickly adjusting to new TTPs, and it requires a thorough and constant understanding of your own detection capabilities. In a rapidly changing, dynamic environment, this level of attention can't be a manual process; it requires the magic of automation.
