Phil Hagen
402 followers
Phil's posts

Defending your endpoints is complicated and expensive and often leaves comprehensive endpoint security for companies with the biggest security budgets. We’re not ok with that – because every organization is a target. Defending your endpoints is…

What Red Canary Detects: Spotlight on Process Injection

Red Canary’s threat detection leverages the five event types collected by Carbon Black’s endpoint monitoring platform: file modifications, registry modifications, network connections, process tree information, and binary collection. These data points are…

One hallmark of many malware events is the regular, periodic behavior they present when rallying for and checking in with their command and control servers. The check-in interval can be a very useful metadata point in hunting an adversary. However, the…

“Prevention of bad things” is not an idea unique to the information security world – and not even a new one for us. For decades, the information security market has been dominated by so-called prevention solutions. These often promise immunity from…

The SANS 20 Critical Security Controls are widely viewed as the “Gold Standard” framework for building and evaluating an organization’s security program. In this article, we will look at several of these controls and how Red Canary helps our clients…

Medical Records are an Attractive Data Theft Target - why are they so lucrative? http://wp.me/p4CBGQ-mh

While news about data breaches is growing disturbingly common, coverage is often focused on financial data – especially credit cards. An event with direct impact on a large group of victims makes for a popular news topic, of course. However, another…

2015 DFIR Monterey Network Forensic Challenge Winner and Results Announced: http://for572.com/y4-so

Thanks to everyone who submitted or just played along with the SANS DFIR Network Forensic Challenge! We had over 3,000 evidence downloads and more than 500 submissions! Per the rules, the winner must have answered four of the six questions correctly. …

Presentation video and slides from last week's Security Weekly show, where I talked about Logstash in forensic investigations.