2023 SANS Report Digital Forensics
Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Threat Detection
Leveraging the Dark Side: How CrowdStrike Boosts Machine Learning Efficacy Against Adversaries
The power of the CrowdStrike Falcon® platform lies in its ability to detect and protect customers from new and unknown threats by leveraging the power of the cloud and expertly built machine learning (ML) models. In real-world conditions and in independent third-party evaluations, Falcon’s on-sensor and cloud ML capabilities consistently achieve excellent results across Windows, Linux and macOS platforms.
Zenity Helps Microsoft Identify and Remediate Critical Security Risk in Power Automate Desktop
About seven months ago at Defcon, Zenity CTO Michael Bargury presented security research that discovered and outlined a way to take over Microsoft Power Automate enabling bad actors to send ransomware to connected machines by using Power Automate as it was designed. By simply taking over an endpoint, our research showed that attackers can run their own payloads and execute malware by assigning machines to a new administrative account using a basic command line.
Detect and Respond to Workload Threats
Learn how to use Sysdig Secure to detect and prevent cryptomining using machine learning! Speaker: Nigel Douglas, Senior Marketing Manager, Sysdig.
Key takeaways from RSA 2023: #BetterTogether and AI in security
Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference.
Securing Cloud, Containers, and Kubernetes
Sysdig's Cloud Protection and Response platform bridges the gap between the cloud tenant, the Kubernetes workloads that run in that cloud provider, as well as the processes that are actually executed within containers running in Kubernetes. In this video, Sysdig Senior Technical Marketing Manager takes us through the platform and the best practices to secure your environment!
New Sliver C2 Detection Released - Redteam detected
We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to detect Sliver, above and beyond our HTTP-C2 package’s existing Sliver coverage. In this blog we provide some basics about Sliver and how it works and then dive deep into the techniques we use to detect this popular and powerful tool.
Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)
Organizations are increasingly turning to the cloud in their attempt to become more agile and efficient. Many will choose the Microsoft ecosystem and will need to become familiar with threat detection and response offered by this environment, how these technologies can be leveraged to their full potential, and what should be supplemented to avoid unnecessary risk.
How SOCs can level up their PCAP game with Smart PCAP
This blog post is the first in a 2 part series on Corelight Smart PCAP. Tune in next week for part two where we’ll take a deep dive look at Corelight’s PCAP functionality and workflows that accelerate security investigations.
Machine Learning in Security: Detect Suspicious TXT Records Using Deep Learning
There are about 90 DNS resource record types (RR) of which many of them are obsolete today. Of the RR’s used, DNS TXT record offers the most flexibility in content by allowing user defined text. The TXT record initially designed to hold descriptive text (RFC 1035) is widely used for email verification, spam prevention and domain ownership verification.