Using NetShell to execute evil DLLs and persist on a host

By Matthew Demaske, Director of Threat Research I’m always looking for ways an adversary can execute something on a system via “trusted” methods. One great example is Powershell. It’s beloved by sysadmins and hackers alike. AV won’t care and Virustotal says it’s squeaky clean. I’m not going to go into all the various avenues of…


USMC infantry tactics and your blue team. Like PB and Jam.

by Matthew Demaske, Director of Threat Research Does it sound weird? It shouldn’t. If you’ve read any of my previous posts, you’ll know that I’ve talked about Sun Tzu, the brilliant military strategist. His work still inspires those from all walks of life some two thousand years after his death. However, we’re going to talk…


Ramblings: Threat Hunting And Forensics Are Different.

By Matthew Demaske, Director of Threat Research Just a little Friday rant before I kick off the weekend. There is a huge difference between a traditional computer forensic investigation and threat hunting. Let’s put it in a law enforcement perspective. Forensic analysis happens after someone reports items being stolen. Diamonds at a store. Your living room…


Blue Team Basics Part 2: The team

By Matthew Demaske, Director of Threat Research Moving on to the second part of our introduction to Blue Team 101. In the first post, we talked about the importance of asking yourself a few questions. What do you have worth taking or destroying? Where is that data stored? Who is in charge of that data? Now…


Ramblings: Threat Intelligence

By Matthew Demaske, Director of Threat Research I wasn’t going to put anything more up here until I finished part two of my “Blue Team Basics” series, but there’s a few things I want to get off my chest. This may end up as a regular series here as I don’t want my rants to…


Blue Team Basics part 1: The Mission

By Matthew Demaske, Director of Threat Research In this blog series, we will be diving into the techniques successful organizations employ to keep their clients’ data safe and their names out of the headlines. The audience is primarily blue teamers (defenders), but if any red team (attacker) folks are reading this, I hope you can gain…
