Audit Active Directory Attack Paths with Bloodhound
In our experience working with SMB and enterprise IT teams, it is often unknown just how far and...
Remote Access Done Right
Do you have resources on prem? In the cloud? How about in multiple clouds? How do you access them...
Widespread Phishing and Business Email Compromise Campaign
In this blog post we cover a widespread phishing campaign Recon recently observed targeting...
Recon's Guide to Testing for the Log4J Vulnerability using Canarytokens
This guide will walk you through using CanaryTokens.org to generate a token and how to use that...
Recon's SOAR Playbook To Detect Log4J Exploitation
The recent Log4j vulnerability (CVE-2021-44228) is unprecedented in its global scope and impact....
Scaling Enterprise Forensic Timelining
In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining...
An Encounter With TA551/Shathak
The Recon incident response team recently responded to a case of business email compromise. The...
Detecting Threats with Graylog Pipelines - Part 3
Now that we've normalized and enriched our events, let's get into the actual threat detection logic...
Detecting Threats with Graylog Pipelines - Part 2
In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog –...
Detecting Threats with Graylog Pipelines - Part 1
If you are here hoping to learn more about using Graylog for the purpose of monitoring the security...