Using Selectors For Open Source Intelligence
By Adam Gayde, Robert Raines, and Matthew Brock on Oct 20, 2020 10:12:23 AM
A “selector” is not a generally defined term in enterprise security, but selectors are important for understanding open source intelligence and investigations in the digital realm. Building on our previous technical blog defining a selector, we will dive deeper into selectors and how they enable external threat hunting, attribution, and open source intelligence analysis.
The Myth of Complex Passwords
By Dev Badlu on Sep 16, 2020 11:06:03 AM
Password reuse is one of the most pervasive security concerns for information security teams in the enterprise. It is an easy way for an adversary to gain initial access if two-factor authentication is not properly implemented and, more importantly, it provides the ability to move laterally in a network and escalate privileges, thus compromising critical data.
Below is a deep dive into the art of passwords, and how this can play out in both directions.
What is a Selector in the World of Digital Crime?
By Adam Gayde, Michael Eller, and Matthew Brock on Sep 9, 2020 9:36:30 AM
Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity.
Five Critical Data Source Considerations for Adversary Attribution
By Jonathan Neuhaus & Adam Gayde on Aug 12, 2020 12:31:41 PM
Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources.
Securing Linux Against Negligent or Malicious Administrators
By Willis McDonald & Vincas Čižiūnas on Apr 22, 2020 9:27:28 AM
Linux monitoring is deceptively difficult. The most common tools for performing monitoring - the Linux audit system, log journals and syslog sources - are all, at best, standardized per Linux distribution, and at worst, unique to each host in an enterprise environment. File-based logging can be spoofed by intruders, while kernel-based subsystems have performance issues. Many hosts are under low-latency or high-performance requirements, either because of cost-saving measures on equipment or because they run an application that sees high utilization. There are few strong solutions today that keep resource usage low without leaving gaping holes for intruders.
Insider Threat: Reducing Gaps and Increasing Visibility for a Remote Workforce
By Bryan Clements & Chris DiSalle on Apr 10, 2020 2:26:46 PM