Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.

The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.

The Recon team is thrilled to announce our newest offering, NDR Live Online!

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!

We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens.

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.

We're thrilled to be accepted back to BlackHat to run our live-fire Network Defense Range (NDR) course again this year! We received overwhelmingly positive feedback from last year's attendees and we have even bigger plans this year.

To the delight of most Graylog users, geolocation is automatically built into the platform via the "GeoIP Resolver" plugin. All that is needed is a MaxMind database and you are ready to roll. However, there is a better way of going about geolocation that might be worth implementing if you are a Graylog power user: lookup tables & pipelines.