In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining Recon’s unique approach at scaling enterprise forensic timelining.
Scaling Enterprise Forensic Timelining
Oct 6, 2021 2:29:00 PM / by Eric Capuano posted in Automation, DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, SOC, Open Source
OPENSOC @ DEF CON 29
Aug 11, 2021 1:46:00 PM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, Security, InfoSec, OpenSOC, DEFCON, Events, Training, Threat Hunting, ZeroTier
It’s that time of year again - DEF CON! We were thrilled to run OpenSOC again at DEF CON this year, even if it had to be virtual (fingers crossed we’re all in person again in 2022).
Endpoint Logging For The Win!
Nov 3, 2020 10:32:00 AM / by Samuel Kimmons posted in DFIR, Forensics, SecOps, Security, InfoSec, Defense, Logging
Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.
Recon Launches SOC X
Oct 20, 2020 10:35:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR
The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.
Recon Launches Network Defense Range (NDR) Live Online
Oct 6, 2020 10:40:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR, BlackHat
The Recon team is thrilled to announce our newest offering, NDR Live Online!
Securing Your Velociraptor Deployment
Sep 23, 2020 10:51:00 AM / by Whitney Champion posted in DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, InfoSec, Threat Hunting, DevOps, AWS, Cognito, Identity Aware Proxy
Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!
Integrating Thinkst Canaries with TheHive
Sep 16, 2020 11:33:00 AM / by Whitney Champion posted in Automation, DFIR, Incident Response, Forensics, SecOps, Canaries, InfoSec, Thinkst, Training, Python, TheHive, Cortex
We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens.
Analysis Of Exploitation: CVE-2020-10189
Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine
The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.
Analysis of Exploitation: CVE-2019-3396
May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability
The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.
Join us for Network Defense Range Training at Black Hat 2019!
Feb 4, 2019 3:48:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Training, NDR
We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come join us for the Network Defense Range Crucible - Live Adversary Detection and Incident Response during Black Hat 2019 Trainings!