Red Canary
United States
Joined Jun 3, 2015
Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. Security leaders all share one goal: Don’t get breached.
Since day one at Red Canary, enterprises have relied on us to find and stop threats before they can cause harm. The most sophisticated security teams trust us for our intelligence-led security operations platform run by world-class security experts. We manage, detect and respond to prevalent threats across cloud, identity, and endpoint so you can have more time to focus on business-specific security needs and requirements. We got you.
Here on TH-cam we'll be publishing content about Atomic Red Team, threat intelligence, threat hunting, security operations, Managed Detection and Response (MDR), the MITRE ATT&CK framework, and more.
Web-based cyber attacks explained: Understanding RCE & SQL injection vulnerabilities
Web-based cyber attacks are a true threat to enterprises, often exploiting vulnerabilities to disrupt services, steal data, and gain unauthorized access. In this video, we explore two of the most critical vulnerabilities that adversaries target: Remote code execution (RCE) and SQL injection.
To dive deeper, check out our 2024 Threat Detection Report: www.redcanary.com/tdr
---
Follow us:
RedCanary
www.linkedin.com/company/redcanary
Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what’s right for customers and partners.
Subscribe to our TH-cam channel for frequently updated, how-to content about Atomic Red Team, threat hunting in security operations, MDR or Managed Detection and Response, and using the MITRE ATT&CK® framework.
#RCE #SQLinjection #threatintelligence #vulnerabilitymanagement #cybersecurity
Views: 156
Videos
Identity attacks explained: How adversaries steal credentials & takeover accounts
Views 67414 days ago
Identity is the foundation of secure access to applications, services, and data, but it’s also a prime target for adversaries. In this video, Senior Malware Analyst Tony Lambert explores the various types of identity attacks, including credential theft, phishing, session hijacking, insider threats, and synthetic identity fraud. Learn how attackers exploit authentication systems, steal credential...
Uptick in Storm-1811 activity detected | Red Canary Threat Intelligence
Views 339, 21 days ago
In recent weeks, Red Canary has uncovered an uptick in activity from Storm-1811, a Black Basta ransomware affiliate. Listen to the latest from Principal Intelligence Analyst Jeff Felling on how this threat operates and the impact it can have on your organization. Learn more about Storm-1811: redcanary.com/blog/threat-intelligence/intelligence-insights-june-2024/ Check out the CISA advisory: www...
5 proven tips to strengthen your cloud security posture
Views 197, 21 days ago
Are you ready to take your cloud security to the next level? In this video, Senior Detection Engineer Rachel Schwalk shares five essential considerations for improving your cloud security posture. From managing identities and avoiding misconfigurations to understanding the cloud threat landscape, Rachel dives deep into actionable strategies you can implement today. 0:00 Intro 0:43 Securing iden...
Top 10 rankings shake up in November | Red Canary Threat Intelligence
Views 138, 21 days ago
This month in Red Canary Intelligence Insights, Senior Intelligence Analyst Stef Rand breaks down the major shifts in malware activity: LummaC2 skyrockets to second place while NetSupport Manager sees a bump due to the highly effective "paste and run" technique. ChromeLoader holds the #1 spot for the fifth consecutive month, while SocGholish and Scarlet Goldfinch take big tumbles. Intro 0:00 Lu...
Explore enhanced filtering & features on the new atomicredteam.io
Views 358, months ago
Join Principal Security Specialist Phil Hagen from Red Canary as he takes you through the newly revamped Atomic Red Team™ website, designed to make it easier than ever to test your detection capabilities. This walkthrough highlights the new site’s features, like powerful filtering options for over 1,600 atomic tests, easy-to-use platform-specific searches, and access to community resources. Whe...
2024’s most impactful threats: Identity abuse, cloud attacks & more
Views 433, months ago
In this webinar, our team takes a look at the top trends, threats, and ATT&CK techniques we've observed in the first half of 2024. Join Principal Security Specialist Brian Donohue, Senior Intel Manager Alex Berninger, and Principal Product Manager for Identity Sam Straka as they break down key threat detection insights and defensive tactics to bolster identity security. Intro 0:00 Top threats 9...
Popular new ‘paste and run’ technique being used by attackers | Red Canary Threat Intelligence
Views 253, months ago
Senior Intelligence Analyst Stef Rand discusses the latest developments surrounding LummaC2, a malware-as-a-service (MaaS) stealer. Stef also details an interesting new technique we've observed called ‘paste and run,’ where adversaries trick users into copying and executing malicious PowerShell code. LummaC2: the stealer to watch 0:00 New ‘paste and run’ technique 0:27 To learn more, check out ...
How supply chain attacks spread ransomware
Views 177, months ago
In this video, Principal Security Specialists Phil Hagen and Brian Donohue break down how ransomware can be distributed through supply chain attacks. Instead of directly targeting their victims, cybercriminals go upstream to compromise trusted providers, gaining access to a wide range of businesses and users. Intro 0:00 What is a supply chain attack? 0:16 Ransomware in supply chain attacks 0:49...
How to investigate a suspicious alert
Views 856, 2 months ago
In this video, Incident Handler turned Sales Engineer Kellon Benson dives into a step-by-step process to investigate an alert that could signal a potential threat in your environment. Kellon explores how to analyze command lines, process trees, and event logs to uncover if an alert is a legitimate threat or a false positive. Intro 0:00 We have an alert! 0:37 What’s the alert telling me? 01:10 W...
Atomic Stealer: the macOS threat you can't ignore
Views 570, 2 months ago
Think macOS is immune to malware? Think again. In 2024, macOS has become a prime target for adversaries looking to steal critical information. From Atomic Stealer to Poseidon and Cthulhu Stealers, attackers are focusing on macOS, recognizing its growing presence in enterprises. In this video, Senior Malware Analyst Tony Lambert and Principal Security Specialist Phil Hagen dive into the rise of ...
Understanding cloud-native threats
Views 272, 2 months ago
As we continue to migrate infrastructure to the cloud, the stakes for securing our networks have never been higher. In this insightful video, Principal Security Specialist Phil Hagen and Senior Malware Analyst Tony Lambert dive deep into the world of cloud-based threats. Discover how these threats can evade detection and learn strategies to safeguard your networks. Intro 0:00 Cloud accounts 0:2...
Ransomware operators leveraging VPNs | Red Canary Threat Intelligence
Views 274, 2 months ago
Senior Intelligence Analyst Stef Rand discusses some key highlights from the September 2024 Red Canary Intelligence Insights. Browser-related trickery dominates 0:00 LummaC2 Stealer surges 0:28 Ransomware operators using VPNs 1:08 For a full breakdown of this month’s insights, check out the blog: redcanary.com/blog/threat-intelligence/intelligence-insights-september-2024/ To stay up-to-date on ...
The identity crisis: Why your network is more vulnerable than ever
Views 241, 2 months ago
Identities are the new perimeter of enterprise networks. With users and devices connecting from everywhere, challenges of understanding modern architecture and implementing security measures like multifactor authentication (MFA), it's clear that protecting user identities isn't easy. In this video, Senior Malware Analyst Tony Lambert and Principal Security Specialist Brian Donohue break down wh...
5 new insights from Red Canary Intelligence
Views 434, 3 months ago
Emulating ransomware threats using Atomic Red Team
Views 712, 3 months ago
The Detection Series: Crypters and loaders
Views 449, 3 months ago
Browser-related malware on the rise | Red Canary Threat Intelligence
Views 205, 3 months ago
The dark side of APIs: Uncovering threats to your cloud security
Views 243, 4 months ago
Is your security 'Kenough'? Mastering detection & prevention
Views 422, 4 months ago
The JavaScript threats you need to know about…
Views 515, 4 months ago
Amber Albatross arrives with stealer capabilities | Red Canary Threat Intelligence
Views 198, 4 months ago
How to bridge the gap between cloud development & security | Red Canary
Views 194, 5 months ago
How we stopped a hospital ransomware attack
Views 794, 5 months ago
Cloud security: How to decide if you should do things in-house or outsource | Red Canary
Views 237, 5 months ago
The difference between Scarlet Goldfinch & SocGholish | Red Canary Threat Intelligence
Views 445, 5 months ago
Stay vigilant against ransomware precursors | Red Canary Threat Intelligence
Views 264, 5 months ago
3 things to consider when buying EDR | Red Canary
Views 530, 6 months ago
Top threats leveraging NetSupport Manager | Red Canary Threat Intelligence
Views 115, 6 months ago
Very easy to understand summary Excellent work!
Now I know why executives get paid so much, and get such huge bonuses. I don't know if modern technology is secure enough to use, without incurring huge waste, of resources and attention.
One thing you guys always skip over is that most of those tests will be immediately picked up by Defender.
It's not quite as simple as that. However, to your point, it's best to disable Defender (AV) prior to testing because it will definitely try to block the installation of the atomics library. That said, even with Defender on, I've had tests execute despite Defender claiming to have blocked them. Further, modifying atomics to evade Defender detection logic is pretty trivial. At the end of the day, the point is to assume adversaries have bypassed AV/preventive controls and test visibility and/or secondary detective controls. So, you can do it the hard way by modifying all your tests so they aren't picked up by Defender, or you can just accept that adversaries are able to evade signature-based detection, and do it the easy way by simply disabling real-time monitoring.
@@briandonohue1888 right, thank you very much for the answer, sir
Woo!! Go, Stefi! 🥳
Love the video! I wish you wouldn’t limit this diction/nomenclature to just cloud. All modern software and OSes run off APIs as a way to operate. I feel like it would be more impactful if you just renamed “cloud” to modern software.
This is really cool!
GOOD INFO PER USUAL
this whole webinar is very valuable
great content like really good forbidden knowledge, crazy to me that only 1.5k people have viewed this important resource in 3 years 🎗
We're glad you find it helpful!
@@RedCanary Always when you guys :) i have a big interest in redcaranry,sansdfir,fireye,rapid7 etc etc
my second fav is lateral movement 🤭🤗😏
This is my favorite webinar yet 😈
also wanted to state that yea by default the sys would be UEFI secure boot or csm with tpm. Thing is if they want that firmware rootkit they could tamper with the bios via a kernel rootkit changed to legacy etc then run whatever they want under the hood !!
nice, apple talk and apple share are W's
iphonecloudsync as well
the title make me laugh and smile
best demo for kerberoasting i have ever seen
Music to our ears. Thank you!
very well put. As a person looking to generate IOCs this is great and clear. also teaches the red team perspective real well / attacker
We're glad you found value in it!
Thank you for posting these videos.. they’re a big help 🤙🏼
We're happy to help!
Good session, thanks.
Stef Rand is so cool! She could host her own podcast. She has a wealth of knowledge. Tony is brilliant. He's also so cool, calm and collected in front of the camera. They should make this a regular interview series on a wide variety of security topics. Red Canary ROCKS!!
looking forward to seeing much content like this
Are you implicitly stating that the Ransomware attacks were less because the detection capability of Red Canary has improved and as a result we are detecting such malicious activity much earlier in the attack life cycle?
How many man-days are required to analyze 58,000 threats?
Absolutely perfect job. Please keep going with Defender series
Brilliant!
yea, I feel like this could have been a 10 minute video 😅
That is helpful feedback, thank you. We'll see what we can do about making our TH-cam edits of our webinars a bit more concise.
👀🎯
Bullseye?
well done, as always. Thanks 4 your great work and cheers to RedCanary
Thank you! Cheers!
amazing content
Thank you!
are these all techniques already blocked by antivirus as per now?
Good question, there are various levels of protection against these techniques since the publication of this video.
Thought this might be somebody vs Matt and Shane’s secret podcast but I guess not 👎🏻
A secret podcast does sound very fun. Let us know if you're planning one...or don't?
This is very cool. Thank you
Thanks for watching and commenting!
a one hour video to tell you to check application logs and standard registry keys lol fascinating
Appreciate the feedback. We'll look at ways we can make our TH-cam version of webinars more concise.
red canary isn't what it used to be, this is so generic
hater
This was so fetch!!!
Very grool of you to say that @jessicawilliams949
LOL this starter
this title is everything !! :D
This was fun. Favorite quote: " most of the time they're helpful...."
Thanks for watching! We're going to have to do more of these!
Can u go on detail and explain the PE part on windows ?
We've suggested this to our community team as a future video topic. Thanks for the suggestion!
Powershell was the #2 threat in our 2023 Threat Detection Report. Poke around the entire report now: redcanary.com/resources/guides/threat-detection-report/?
So Smartly! Geniuses.
The threat timeline is neat...
Thank you! We've heard over and over again that it is a helpful feature in providing proper context in a quick and meaningful fashion.
This is such a great idea.
Thank you! If you're looking for some more information on Readiness Exercises check this out: redcanary.com/cybersecurity-readiness/?
Looks like this might have hit the news again?
Very interesting and great summary. Outstanding approach!
Glad it was helpful!
Very good explanations, thank you!
Glad it was helpful!