Collaborate Disseminate
It takes a thief to catch a thief. Despite being hundreds of years old, this idiom holds perfectly true for that most modern of thieves, the cybercriminal. With adversaries consistently evolving their tools and techniques to overcome defensive solution… Continue reading When is the right time to red team?
Thanks to USENIX for publishing the USENIX Enigma 2019
outstanding conference videos on their YouTube Channel
Permalink
The post USENIX Enigma 2019, Aaron Grattafiori’s ‘If Red Teaming Is Easy: You’re Doing It Wrong’ appeared … Continue reading USENIX Enigma 2019, Aaron Grattafiori’s ‘If Red Teaming Is Easy: You’re Doing It Wrong’
John Strand and Matt Alderman will discuss Threat Hunting. Full Show Notes Visit https://securityweekly.com/esw for all the latest episodes! Hosts Announcements Register for our upcoming webcasts with Viavi & ISC2 by going to securityweekly.com… Continue reading Threat Hunting – Enterprise Security Weekly #144
Tremendous Red Team related blog post over at Black Hills Infosec, and superbly crafted by Darin Roberts, and detailing How To C2 over ICMP… Enjoy!
The post Command and Control Over ICMP: Chronicles of Red Team C2 appeared first on Security Boulevard.
Continue reading Command and Control Over ICMP: Chronicles of Red Team C2
Researchers devise post-intrusion attack that use existing system binaries to achieve arbitrary code execution to maintain stealth and persistence. Continue reading Shining a Light on a New Technique for Stealth Persistence
SCYTHE, an Arlington, Va., based cybersecurity company, announced on Monday that it raised $3 million in seed funding for its automated red-teaming platform. The company flagship platform allows customers to simulate attack campaigns against their own networks in order to assess their defensive posture. SCYTHE says that its product uses a catalog of threats to “automatically deploy a combination of threat actor communications and end-point capabilities on the production environment.” Enterprises can customize their own adversarial campaigns then get reports on how well their systems stood up to the threat. Heading SCYTHE is Bryson Bort, a former U.S. Army officer who has worked in various cybersecurity strategy and research and development at multiple outfits. Bryson is the co-founder of ICS Village, a nonprofit that educates the public about risks to industrial control systems through live simulations. He also founded and is the chairman of GRIMM, a cybersecurity consultancy. “We’re constantly adding […]
The post SCYTHE raises $3 million for attack simulation platform appeared first on Cyberscoop.
Continue reading SCYTHE raises $3 million for attack simulation platform
The DNC thought it was getting hacked again, but it was just a false alarm set off by a security test. It’s a sign that the organization is taking its cybersecurity seriously. Continue reading The DNC False Alarm Hack Is Good Cybersecurity, Bad PR
Trustwave has released Social Mapper, an open source tool that automates the process of discovering individuals’ social media accounts. How Social Mapper works The tool takes advantage of facial recognition technology and searches for targetsR… Continue reading Social Mapper: A free tool for automated discovery of targets’ social media accounts
During the reconnaissance phase of a penetration test being able to discover employee names and email addresses of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools i… Continue reading OSINT & External Recon Pt. 2: Contact Discovery – Tradecraft Security Weekly #26
Verodin, a company that provides automated security testing services, announced on Tuesday that it brought in $21 million for its Series B funding round. Based in McLean, Va., Verodin provides a product called the Security Instrumentation Platform, which continuously tests the security of a customer’s network by acting as an attacker. The platform simulates ways to exploit vulnerabilities and notes how well the customer’s email, cloud and network controls worked. “This capability enables enterprises to quantifiably validate if their controls are actually protecting their business-critical assets, providing resiliency and keeping them safe,” the company said in a press release. Ultimately, the goal is for organizations to determine whether the security services they’re paying for are actually doing their jobs. The funding round was led by TenEleven Ventures and Bessemer Venture Partners with participation from Capital One Growth Ventures, Citi Ventures and Verodin’s past investors. The round brings the company’s total […]
The post Verodin raises $21 million Series B round for automated red-teaming appeared first on Cyberscoop.
Continue reading Verodin raises $21 million Series B round for automated red-teaming