Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
CVE-2026-21509 — Educational Dummy PoC for Defender Visibility...
Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and the increase in publicized API vulnerabilities have pushed API security to the top of CISOs’ lists. The tools in the market for API security still have room for improvement, of course. One of...
Using Velociraptor for large-scale endpoint visibility and rapid threat hunting
TL;DR
- Network-wide collection, acquisition and monitoring tool for use in DFIR engagements
- Designed for enterprise networks; 150k+ deployments aren’t unheard of
- Boasts many features that your commercial EDR has, and a few more
- Flexible querying language that can adapt to new threats and encourages...
[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition
Welcome back for a special bonus edition of The Lost Bots, a vlog series where Rapid7 Detection and Response Practice...
MDR Vendor Must-Haves, Part 2: Ingestion of Network Device Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There are many factors to consider when assessing which Managed Detection and Response (MDR) vendor is the right f...
VMware Carbon Black Announces Splunk Integration to Streamline and Modernize SOC Workflows
Introducing Unified VMware Carbon Black Cloud App for Splunk
At VMware Carbon Black, our ecosystem of integration and alliance partners has been a core part of our vision and strategy. Today, with thousands of customers adopting the VMware Carbon Black Cloud to secure their endpoints and workload...
Velociraptor - Endpoint Visibility and Collection Tool
Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/
Quick start
If you want to see what Velociraptor is all about, simply: 1. Download the binary...
Zero Trust: From security option to business imperative overnight
Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As...
Latest Enterprise EDR Now Available on All Major Operating Systems
VMware Carbon Black is today announcing new capabilities for macOS systems protected by our cloud-native enterprise endpoint detection and response (EDR) solution, CB ThreatHunter. This latest release on the VMware Carbon Black Cloud further expands customizable detection, threat intelligence,...
Lessons Learned from the Incident Response Trenches: Investigating and Eradicating Kwampirs
Kroll has deployed CB Response during hundreds of cyber investigations because it can provide insights throughout each stage of the incident response (IR) process (see graphic). One of Kroll’s recent investigations, which involved the Kwampirs malware, illustrates how CB Response helps uncover critic...
Carbon Black Global Threat Report: ‘The Year of the Next-Gen Cyberattack’
In 2016, fileless attacks such as PowerWare and the alleged hack against the Democratic National Committee (DNC) stole sensitive information and global headlines. In 2017, WannaCry, NotPetya and BadRabbit demonstrated ransomware’s global ubiquity. Then, as we kicked off 2018, the Spectre and Meltdo...
Eliminating Dwell Time with Cb Response and Red Canary
How Can I Efficiently Organize and Lead the People on My Team?
Organizing your team to protect your environment with agility is a difficult task with all the varied skills and challenges related to traditional security operations center (SOC) structures. We asked our partners at Red Canary, who eve...
Threat Analysis: Word Documents with Embedded Macros Leveraging Emotet Trojan
Many customers have recently asked how Carbon Black’s solutions detect macros and droppers, specifically referencing Emotet dropper files. Customers often say that macros and droppers are an ongoing problem in their environments, and they are seen day-to-day by most practitioners. The analysis...