Sqrrl
Amazon Web Services acquires Cybersecurity Startup Sqrrl!
Amazon Web Services has officially announced that it has acquired cybersecurity startup Sqrrl, which was spun out by two former top-level executives of the National Security Agency (NSA). The cloud services provider also confirmed that more such deals of purchasing businesses from US Intelligence Agencies will continue in the near future. In November 2017, Amazon Cloud […]
HUNTING FOR NETWORK SHARE RECON
This post was originally published here by Matthew Hosburgh. There’s a strong chance you know what your organization is trying to protect. In many cases, this is probably in the form of data. It could be customer data, trade secrets, and forms of classified information. This data can be stored in many places: databases, email, […]
THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS
This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings discovered that the campaign targeted “personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea.” While that […]
SETTING YOUR THREAT HUNTING CALENDAR FOR 2018
This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don’t know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]
DECEPTION, BREACHES, AND GOING ON THE OFFENSE TO SEED THE HUNT
This post was originally published here by Matthew Hosburgh. In my previous blog, I explored the areas where certain areas of Active Defense could be used to help seed a hunt. These techniques allow the Threat Hunter to go on the offense (in terms of more proactive defense). This is increasingly more important to reduce the time […]
GOING ON THE OFFENSE TO SEED THE HUNT
This post was originally published here by Matthew Hosburgh. Varying degrees of attacking back have been hotly debated for years. Everything from fear of retaliation to collateral damage. Proponents claim that what we as a security collective have been doing for years is simply not working. The truth is, breach after breach is reported despite the millions, […]
TOP #INFOSEC TWITTER ACCOUNTS (FROM A THREAT HUNTER’S PERSPECTIVE)
This post was originally published here by Danny Akacki. On the heels of our “Hunting For Web Shells” webinar, I wanted to follow up with a short post that came from an attendee question. I’m paraphrasing here but it was something along the lines of, “I’m new to the infosec world, where can I go […]
THREAT HUNTING: 10 ADVERSARY BEHAVIORS TO HUNT FOR
This post was originally published here by Ely Kahn. You’re ready to make the jump from alert-based investigations to threat hunting. But what should you hunt for? How do you perform the hunts? What data will you need to collect? This is often the greatest question you will need to answer as a hunter. To […]
THREAT HUNTING FOR LATERAL MOVEMENT
https://sqrrl.com/threat-hunting-http-user-agents/ This post was originally published here by Brandon Baxter. Lateral movement is a key step that attackers use in targeting and exploiting your network. In this post, we’ll walk through how to identify pivot points of data when hunting for lateral movement with Sqrrl. Hypothesis: We’ll look for instances where multiple users are […]
SECURITY GRAPHS GO MAINSTREAM
This post was originally published here by Sqrrl Team. In the late 2000s Facebook launched its Social Graph. In the early 2010s LinkedIn popularized the concept of an Economic Graph. In both cases, these companies saw the power of connecting data into a “linked-entity” model. Sqrrl has been doing the same type of work in cybersecurity since […]