Our thoughts on cybersecurity.


Low & Slow Data Exfiltration Via DNS Tunneling

DNS tunneling is an especially effective and insidious method of data exfiltration that attackers like to deploy to get data off your network. Security practitioners may not pay as much attention to their DNS as they should, despite the significant data exfiltration risk it presents. But many security think-tanks, including the SANS Institute, recommend that security pros build DNS monitoring into their regular practices -- as do we.

Read Low & Slow Data Exfiltration Via DNS Tunneling

Detecting Exfiltration Over SSL

Right now there's a big push to encrypt everything. With data breaches gathering attention in the news and customers' privacy and trust being broken with each attack, more encryption makes sense. Not using SSL is a basic problem to fix, and the number of firms not offering SSL seems to be shrinking. The near-universality of SSL seems inevitable. But the ubiquity of SSL can also present challenges, especially for traditional IPS and DLP solutions.

Read Detecting Exfiltration Over SSL

Austin Cybersecurity Scene Primer

I've been in Austin, Texas for over five years now and have gotten to know the cybersecurity scene here pretty well. There are a lot of cybersecurity companies and jobs moving into Austin, and that's great for the scene. There are also a large number of students and people trying to switch careers who ask me how they can get started in cybersecurity.

Read Austin Cybersecurity Scene Primer

Why Cloud-based Security Is The Future

A question we get now and then is why we specifically decided to build vThreat as a cloud-based solution. Though there was initially some resistance in the industry to any kind of cloud-based security, thankfully this perception is changing as more and more apps and services go to the cloud. We can't say we're surprised: We strongly believe that a security solution in the cloud holds huge benefits over old school agent-based security. Here's why.

Read Why Cloud-based Security Is The Future
EICAR is the New EICAR

EICAR is the old school text pattern that is used to test antivirus software. I say old school because it's been around forever and traditionally has focused on end-point antivirus.

Read EICAR is the New EICAR
vThreat Environments

There are many different ways to define what an environment is when it comes to cybersecurity. For example, some may define an environment by a network, location, network segment, VLAN, DMZ, etc.

Read vThreat Environments

Testing Email DLP with vThreat

Email-based data loss prevention (DLP) can be more complicated than it initially looks. It's often much more complex than mirroring ports or analyzing traffic with network taps. For starters, there are several different email protocols that can complicate monitoring the traffic.

Read Testing Email DLP with vThreat

Testing OpenDNS with vThreat

The vThreat Malware Hosts App allows an organization to simulate communications with domains that were once used as part of malware campaigns. We reclaimed the domains so our customers can use them for adversary simulations. The purpose of this particular simulation is for organizations to use DNS monitoring capabilities to practice detection and response.

Read Testing OpenDNS with vThreat

Windows Reverse Shells

vThreat Platform has loads of Apps that allow you to simulate adversaries on your network. In this post I'll cover the concept of reverse shells. A reverse shell is when an adversary triggers an outbound command line session to a system that they control.

Read Windows Reverse Shells

Mimikatz and Powershell

Mimikatz and PowerShell are both heavily used for post-exploitation by your adversaries. We added downloads and the ability for you to receive Mimikatz and PowerShell files via email. Ideally your organization should be able to detect movement of these files through your network.

Read Mimikatz and Powershell

DNS Tunnelling Forensics

DNS Tunnelling is a data exfiltration technique used by attackers to siphon data out of your network. In this video we show how anyone can use vThreat Platform to simulate this adversary behavior on your network. You'll also get a quick lesson in Wireshark if you don't watch out.

Read DNS Tunnelling Forensics
Press Release for vThreat Apps

'Organizations spend time, money and effort on people, process and technology to defend their corporate networks and sensitive company information. Breaches occur when there is a breakdown in one or all of these security elements,' said Marcus J. Carey, Founder. 'We have designed our vThreat SaaS platform to specifically allow organizations to effectively stress test their entire security controls such that the organization can know exactly how its people, process and technology will respond when there is an actual cyber event.'

Read Press Release for vThreat Apps

Introducing vThreat Apps

Some people find it hard to believe that organizations continuously purchase and deploy cybersecurity solutions that do not work in their environments. Sometimes the solutions initially work, but over time lose efficacy for a variety of reasons. This is a major issue that we aim to help our customers address at vThreat.

Read Introducing vThreat Apps

vThreat Labs: It’s a Community Thing

Our mission at vThreat is to create easy-to-use software for security professionals. vThreat's attack simulation platform allows organizations to test their security controls and defense-in-depth architecture. Our roots are firmly entrenched in the information security community and ecosystem. We realize there are many tools that could benefit the community at large.

Read vThreat Labs: It’s a Community Thing