This year at Black Hat, I’ll be teaching a new class as a follow-on to my popular Cyber Defense Bootcamp class. During the Cyber Defense Bootcamp class (2010 - 2012), the focus was on giving new enterprise defenders the hands-on training they would need to start investigating incidents. The class covered everything from open source analysis and network forensics to device forensics and malware analysis. The premise was that, much like in the military, new recruits don't start with a tank; they need to learn all kinds of basics to do their job. Throughout the various classes, the students learned quite a bit
On April 30, 2013, CrowdStrike was alerted to a strategic web compromise on a US Department of Labor website that was redirecting visitors to an attacker’s infrastructure. Eight other sites were reported to be similarly compromised, with the data suggesting that this campaign began in mid-March.
The campaign appeared to exploit visitors to these sites via the recent CVE-2012-4792 vulnerability; however, CrowdStrike recently learned from other researchers that the exploit leveraged appears to be a zero-day. Successful compromise resulted in infection with Poison Ivy. The sample observed
CrowdStrike Expands Sales Leadership Team: Names Kurt Speck SVP of Worldwide Sales & Operations and Scott Fuselier Worldwide Director of Enterprise Accounts & Channel
As a guy who grew up playing a lot of different sports, it became clear to me from a very young age that the winning teams usually had the best athletes. I say usually because there were a few teams that had great players, yet they never had the right chemistry to win it all. These were the teams that had stars playing for the name on the back of the jersey, rather than the front. I’ve never forgotten these life lessons,
This week we’re back to our old friends with a Chinese nexus. To recount the last few weeks of our adversary blog posts, we first introduced Anchor Panda, an adversary we attribute to China and associate with the PLAN. In that post we explained “Intelligence Gain/Loss” and why we decided to release adversary information with detection signatures. We then moved on to another Chinese adversary we dubbed