by Kevin Libby | Feb 21, 2017 | Blog, Cybersecurity
I want more “Stuff.” POSTED BY KEVIN LIBBY “Everybody’s gotta have a little place for their stuff. That’s all life is about. Trying to find a place for your stuff.” — George Carlin Among some of the more memorable nuggets from George Carlin that fed my...
by Mike Clark | Jan 25, 2017 | Blog, Cybersecurity, Threat Intelligence
Taking Action on GRIZZLY STEPPE Data with ThreatQ POSTED BY MIKE CLARK In early October, the DHS’ NCCIC and the FBI released a Joint Analysis Report (JAR) detailing a campaign they attribute to Russia. The campaign target was the Democratic National Committee and is...
by Mike Clark | Jan 5, 2017 | Blog, Cybersecurity, Threat Intelligence
Investigating Spear phish Incidents with ThreatQ: Part 2 POSTED BY MIKE CLARK In part one of this article, we showed how to import a spear phish email into the ThreatQ platform, extract useful Indicators, and use an Operation to check the Splunk SIEM software to see...
by Mike Clark | Jan 3, 2017 | Blog, Cybersecurity, Threat Intelligence
Examining Ricochet Effects of Spear phishing Campaigns POSTED BY MIKE CLARK There are many ways your organization can be affected by a spear phishing attack beyond the obvious – being the direct target. For example, a doppelgänger of your domain could be used to send...
by Mike Clark | Dec 19, 2016 | Blog, Cybersecurity, Threat Intelligence
Investigating Spear Phish Incidents with ThreatQ: Part 1 POSTED BY MIKE CLARK Part 1 – Identifying a system talking to a malicious site found in a spear phish email Spear phishing is a form of social engineering and undoubtedly one of the most successful and...
by Ryan Trost | Dec 6, 2016 | Blog, Cybersecurity
Situational Awareness vs. Situational Understanding – is intelligence passing you by? POSTED BY RYAN TROST A couple weeks ago I caught up with an agency colleague of mine to discuss the latest high-profile attacks and he mentioned a new term to me – ‘situational...