AMP Threat Grid

April 15, 2019

SECURITY

Black Hat Asia 2019: Watch Out for the Secondary Payload

Black Hat returned to Singapore in 2019 for Black Hat Asia, with four days of Trainings and Briefings alongside the Business Hall. Cisco Security is proud to be a Technology Partner of Black Hat in the Network Operations Center (NOC) Security Operations. The focus of the NOC is to provide secure and open…

February 20, 2019

NETWORKING

New Perspectives on Software-Defined WAN

The integration of Software-Defined Wide Area Networking (SD-WAN) with cloud management functionality into the Cisco family of routers in 2018 excited many of our customers. Instantly over a million installed Cisco ISR and ASR routers could be upgraded to become SD-WAN capable, improving application…

February 10, 2017

SECURITY

Indicators of Compromise and where to find them

Indicators of Compromise (“IOC”) are used to suggest that a system has been affected by some form of malware. An Indicator of Compromise can be anything from a file name to the behavior observed while malware is actively running on an infected system. Where do they look? Social media, news feeds, industry…
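The teaser above distinguishes atomic IOCs (a file name, a hash, a domain) from behavioral ones (what the malware does while running). The following is an added example, not code from the original post or from Cisco, showing how both kinds are matched against endpoint telemetry. Every IOC value, hash, host name and event in it is constructed for illustration; none is a real indicator.

```python
"""Added example (not from the original post): matching atomic and
behavioral Indicators of Compromise against constructed endpoint telemetry.

All IOC values, hashes, domains and events here are made up for
illustration; they are not real indicators."""
import re

# Constructed hash value used as the file-hash IOC (64 hex chars, not real).
BAD_SHA256 = "9b2f0c5a6d8e4f1a3c7b5d9e8f2a4c6b1d3e5f7a9c2b4d6e8f0a1c3b5d7e9f2a"

# Atomic IOCs: exact-match values, stored normalised (lower case, no trailing dot).
ATOMIC_IOCS = {
    "sha256": {BAD_SHA256},
    "domain": {"update-check.example.net"},
    "filename": {"svch0st.exe"},
}

# Behavioral IOC: an Office application spawning a scripting host, the kind
# of indicator a sandbox run produces rather than a single value.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed telemetry events, shaped the way a SIEM might normalise them.
EVENTS = [
    {"type": "process", "host": "ws01", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "sha256": "1" * 64},
    {"type": "process", "host": "ws01", "parent": "WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "sha256": "2" * 64},
    {"type": "process", "host": "ws02", "parent": "explorer.exe",
     "image": r"C:\Users\bob\AppData\Local\Temp\svch0st.exe",
     "sha256": BAD_SHA256.upper()},
    {"type": "dns", "host": "ws02", "query": "UPDATE-CHECK.example.net."},
    {"type": "dns", "host": "ws03", "query": "www.example.com"},
]


def basename(path):
    """Last path component, lower-cased, for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def normalize_domain(query):
    """Strip the trailing dot of an FQDN and lower-case it before comparing."""
    return query.rstrip(".").lower()


def match_event(event, iocs=ATOMIC_IOCS):
    """Return a list of (ioc_type, value) hits for one telemetry event."""
    hits = []
    if event["type"] == "process":
        name = basename(event["image"])
        if name in iocs["filename"]:
            hits.append(("filename", name))
        digest = event.get("sha256", "").lower()
        if digest in iocs["sha256"]:
            hits.append(("sha256", digest))
        parent = basename(event.get("parent", ""))
        if parent in OFFICE_PARENTS and name in SCRIPT_HOSTS:
            hits.append(("behavior", f"{parent} -> {name}"))
    elif event["type"] == "dns":
        query = normalize_domain(event["query"])
        if query in iocs["domain"]:
            hits.append(("domain", query))
    return hits


def scan(events=EVENTS, iocs=ATOMIC_IOCS):
    """Map host -> list of IOC hits, so each affected host can be triaged."""
    report = {}
    for event in events:
        for hit in match_event(event, iocs):
            report.setdefault(event["host"], []).append(hit)
    return report


if __name__ == "__main__":
    for host, hits in scan().items():
        print(host, hits)
```

Note the normalisation step: hashes are compared case-insensitively, file names are taken from the path's last component, and DNS queries lose their trailing dot, because an IOC feed and the telemetry rarely agree on formatting. The behavioral rule fires on ws01 even though none of its files or domains appear in the atomic list, which is exactly the case the post's definition is drawing attention to.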

December 19, 2016

SECURITY

To be Effective, Security Needs to Be a Force Multiplier

Effective security is simple, open, and automated.  We’ve already talked about simple and open. Now let’s talk about automated. Security admins can relate to this scenario. You just learned of an infected system in your environment of thousands of devices. How many others are affected? That’s hard t…

September 19, 2016

SECURITY

Cognitive Threat Analytics: Turn Your Proxy Into Security Device

This post was authored by Veronica Valeros, Petr Somol, Martin Rehak and Martin Grill, on behalf of the whole CTA team. Some of us still intuitively believe that our extensively safeguarded corporate networks are safe from the risks we are exposed to when connecting directly to public Internet. Yet,…

September 15, 2016

SECURITY

Protecting against the latest variant of H1N1

This is the third and final installment in our technical analysis of the H1N1 loader. In case you missed it, my colleague Josh Reynolds peeled apart the latest variant of H1N1 and analyzed its obfuscation tactics and techniques in the first blog, and in the second blog provided a deep technical analys…

September 14, 2016

SECURITY

H1N1: Technical analysis reveals new capabilities – part 2

This is the second blog in a 3 part series that provides an in-depth technical analysis on the H1N1 malware. You can read the first entry here where I covered the evolution of H1N1, its infection vector and obfuscation techniques. This blog will provide an overview of its execution. H1N1 Execution E…

September 13, 2016

SECURITY

H1N1: Technical analysis reveals new capabilities

This blog is the first in a 3 part series that will provide an in-depth technical analysis on the H1N1 malware. I’ll be looking at how H1N1 has evolved, its obfuscation, analyzing its execution including new information stealing and user account control bypass capabilities, and finally exploring how…

August 17, 2016

SECURITY

CryptXXX Technical Deep Dive

0.0 Introduction: In our previous post we discussed the AMP ThreatGrid Research and Efficacy Team’s continuous support for Ransomware attack vectors, generic behavior detection of un-discovered variants, and the creation of behavioral indicators once new variants are identified. In this post we…