Managed Detection & Response Resources
Defining Managed Threat Servic...
Today’s approach to cybersecurity is broken. That may sound like a harsh statement, but given the shifting nature of...
CASE STUDY: Booz Allen Managed...
Recently a consumer-services-focused finance firm with $100 billion in assets and over 10,000 employees around the...
INFOGRAPHIC: Booz Allen Manage...
So much goes into an effective defense. As a CISO, you’re tasked with not only knowing how the pieces of your...
VIDEO: Brian Minick: “Attacker...
Today there are a number of nefarious actors that operate with a variety of motivators, such as business disruption,...
CSO Online: CIOs and CISOs are...
“Unprepared organizations, when notified of a breach by external entities such as the FBI, are increasingly employing...
Credit Union Times: Google Docs Phished Under OAuth, Door Opened to Copycat Attacks
Experts reacted to a Google Docs phishing attack that hijacked Gmail accounts and spammed contact lists. Google shut...
Business Courier - Fast-growin...
The firm recently moved into its new headquarters after operating out of temporary space at 4555 Lake Forest Drive. The...
Deep Dive On The DragonOK Rambo Backdoor
Summary: Recent reporting was released on the DragonOK group which unveiled the many versions of the Sysget...
MiKey - A Linux keylogger
Linux malware is slowly becoming more popular. Within the past couple of years there were several major incidents...
Facing Cyber Threats Head On
Protecting Yourself and Your Business
Morphick Intelligence Analysts wanted to take a closer look at some of these binaries and post some analysis so that network defenders can better understand how these tools work.
KLRD Keylogger
Symantec released a report at the beginning of October that describes Odinaff, which is a new piece of malware used...
Booz Allen’s Cybersecurity Ser...
Cincinnati, OH - Booz Allen®, the industry leader in incident response as well as the Managed Detection and Response (...
ScanPOS: new POS Malware distributing Kronos
Just in time for the holidays, a brand new Point Of Sale (POS) malware family has been discovered. Booz Allen...
Hundter's Keylogger
Tying malware back to its earlier versions gives us the ability to look at more rudimentary versions of the code. The...
A Closer Look at Hancitor
Hancitor is a popular dropper used in phishing campaigns. It’s often associated with dropping Vawtrak and Pony....
The Benign True Positive Challenge
Recently, we posted an example of something we see a lot at Booz Allen; we have come to call them “benign true...
True Positive False Positive
False positives are an everyday occurrence for analysts. To an analyst, a false positive, while sometimes time...
Writing a Malware Config Parse...
Radare2 has been receiving a lot of attention lately. Rather than browsing through some of the documentation, I...
BernhardPOS - New POS Malware...
Yet another new credit card dumping utility has been discovered. BernhardPOS is named after (presumably) its...
TrueCrypt's Egress
Security stories have taken on new life in our post-Snowden information security world. Truth is stranger than...
LogPOS - New Point of Sale Mal...
There has been an explosion in POS malware in the last year. At Booz Allen, Nick Hoffman and I...
Webshells and MOF
(Note: If you would prefer a less technical summary, check out Chinese and Russian Attackers Hide In Plain...
The Mozart RAM Scraper
As a reverse engineer on the Booz Allen Cyber Security team, I spend a large part of my time pulling apart and...
Booz Allen releases free tool...
Booz Allen Cyber Security is seeing a dramatic increase in the number of companies receiving malicious emails trying to...
DefCon Reminds Us That There A...
Covering this year's DefCon, NBC Nightly News sat down with attendees to find out what all could be hacked. As...
Chinese And Russian Attackers Hide In Plain Sight
Booz Allen's Threat Intelligence Team identified a novel technique for maintaining persistence on a remote machine...
OPM and Anthem Breaches
There has been much reporting that the data breaches at Anthem, and more recently the U.S. Office of Personnel...
Bringing Sanity To Threat Intelligence
This post was inspired by an article I read the other day that highlighted something which struck a chord, "[m]...
RSA 2015 Presentation - Gamification of your Global Information Security Operations Center
This presentation, originally made by Kevin and Kody McLaughlin at RSA 2015, shows how the Whirlpool Corporation and...
An Evening With N3utrino
In my previous post I showed off some tricks that malware authors use to check to see if they are being...
VM Checking and Detecting
I recently noticed a new piece of malware that had made its way into the database. The part that stuck out to me is...
Reverse engineering LusyPOS and Tor
LusyPOS and Tor
At our day jobs, as reverse engineers at Booz Allen, Jeremy and I have been hunting new POS malware. A new sample...
A reverse engineering deep dive on the malware Korlia
Curious Korlia
Reverse engineers organize discrete pieces of malware into families. While digging through my malware collection I...
Network Traffic Anomaly Analys...
Intrusion Detection Systems are a powerful tool in the fight against threats to the network. Just like any tool,...
Operational cyber intelligence, when properly applied, can guide security teams to posture defenses against a well-defined threat.
Operational Intelligence
In my last blog post I discussed the importance of strategic intelligence to the enterprise. To quickly sum it up...
Strategic intelligence can reveal the adversary's tools and their specific targets
Strategic Intelligence
As an intelligence analyst supporting USAF acquisitions, it was my job to make the acquisition program managers aware...