The Training Secrets of Great Security Operations Teams

Dec 22, 2020 5:21:00 PM / by Bob Drobish posted in SecOps, InfoSec, Training, NDR

At Recon InfoSec we have the honor of working with some of the best security operations, incident response, and threat hunting teams in the world: Fortune 100 companies, military cyber protection teams, global incident response firms, “3 letter agencies,” and “Big 4” professional services companies.

Read More

Endpoint Logging For The Win!

Nov 3, 2020 10:32:00 AM / by Samuel Kimmons posted in DFIR, Forensics, SecOps, Security, InfoSec, Defense, Logging

Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.

Read More

Recon Launches SOC X

Oct 20, 2020 10:35:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR

The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.

Read More

Recon Launches Network Defense Range (NDR) Live Online

Oct 6, 2020 10:40:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR, BlackHat

The Recon team is thrilled to announce our newest offering, NDR Live Online!

Read More

Securing Your Velociraptor Deployment

Sep 23, 2020 10:51:00 AM / by Whitney Champion posted in DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, InfoSec, Threat Hunting, DevOps, AWS, Cognito, Identity Aware Proxy

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!

Read More

Integrating Thinkst Canaries with TheHive

Sep 16, 2020 11:33:00 AM / by Whitney Champion posted in Automation, DFIR, Incident Response, Forensics, SecOps, Canaries, InfoSec, Thinkst, Training, Python, TheHive, Cortex

We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or two :) Like many others, we get a lot of mileage out of their Canaries and Canary Tokens.

Read More

Analysis Of Exploitation: CVE-2020-10189

Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine

The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.

Read More

Automating Detection Coverage Analysis with ATT&CK Navigator

Feb 13, 2020 1:52:00 PM / by Brian Greunke posted in Automation, DFIR, SecOps, Security, Threat Hunting, Defense, Graylog, Continuous Integration, MITRE ATT&CK

Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and requires a thorough and constant understanding of your own detection capabilities. Given a rapidly changing, dynamic environment, this level of attention can't be a manual process, it requires the magic of automation.

Read More

Integrating Graylog With TheHive

Jan 31, 2020 2:11:00 PM / by Whitney Champion posted in Automation, DFIR, Incident Response, SecOps, Security, Defense, Python, Graylog, DevOps, TheHive, Cortex, API

If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)

Read More

Graylog and Cylance Protect Integration

Dec 23, 2019 2:37:00 PM / by Whitney Champion posted in Operations, SecOps, Security, Graylog, Logging, DevOps, API, Cylance

TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it.

Read More
View RSS Feed