March 21, 2019 | Posted in Blue Teams and Purple Teams by Kyle Sheely   Chances are if you’ve been affected by cybercrime in the past year, you’ve been the victim of a banking trojan. Proofpoint’s latest quarterly threat report notes that over half of all successful email-based attacks were propagated by banking trojans (meanwhile ransomware, once one of the greatest threats to enterprises, came in […]

March 8, 2019 | Posted in Blue Teams, Purple Teams, GRC, and Strategy by Evan Perotti and Mike Pinch   Back in December 2018, MITRE released the first round of its evaluations on EDR tools, including Carbon Black, CounterTack, Crowdstrike, Endgame, RSA, Sentinal One, and Windows Defender.  Specifically, MITRE tested the APT3 threat group (https://attack.mitre.org/groups/G0022/) […]

February 13, 2019 | Posted in Purple Teams by Tim Wainwright This article covers how a Purple Team process done correctly can: Be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK Generate quantitative success defense metrics more meaningful than existing hygiene and hyperbole metrics Change your teams’ attitude and […]

December 7, 2018 | Posted in Red Teams, Blue Teams, and Purple Teams by Evan Perotti and Mike Pinch   On November 29th, MITRE ATT&CK released the results of their first round of endpoint security evaluations. The evaluations simulated malicious activity from the APT-3 campaign against seven products. While our analysis directly compares the performance […]

May 16, 2018 | Posted in Blue Teams and Purple Teams by Tyler Frederick   Another Day, Another Microsoft Office Exploit CVE-2018-8174, also known as “Double Kill”, is the newest in a family of exploits that leverage Microsoft Office’s OLE (Object Linking and Embedding) functionality. This particular attack uses an Office document with an embedded OLE […]