Blog

Bluetooth Blues

September 15th, 2017 by CS Research

The proliferation of wireless devices in the world is astounding, and one of the most widely used are Bluetooth, at an estimated capable device count north of 8 billion. Earlier this week, researchers at Armis released information on their website about an attack vector dubbed “BlueBorne”. The list of vulnerable and exploitable devices spans Android […]

Read More

Embedding Security in a DevOps World

September 5th, 2017 by Aaron Lennon

Times are changing. The days of rigid and lengthy software development life cycles are nearly gone as we move forward into a world of agile code development and DevOps. This is great from a user perspective, as we deliver more features and improved user experience, but this brings about new challenges for security. It was […]

Read More

Security Automation and Orchestration: An Analyst Perspective

August 21st, 2017 by Troy Santana

Security Automation and Orchestration (SAO) Platforms are the newest players in the security landscape focusing on easing the burden of alert-fatigue. Working as a lead in a Managed Services Security Operations Center (SOC), solutions that claim to automate actions, lower time-to-response, and minimize required headcount peak my interest. SAOs operate by implementing logical decision trees […]

Read More

The New Ransomware that makes WannaCry Wanna Cry

June 27th, 2017 by CS Research

Today, 27 June 2017, a new malware has begun attacking networks around the world. Petya, also known as Petrwrap, is the name and encrypting your information is its game. It has shown itself to be different than other ransomware of late. This one does not encrypt files one at a time but denies user access […]

Read More

So You’ve Had an Incident?

May 31st, 2017 by CS Research

Security incidents are an unavoidable occurrence. If your security team has never observed a security incident, there is likely a hole somewhere in your monitoring and alerting process, and you’ve missed it. That said, the initial signs of a breach or security incident are rarely black and white. The most advanced threat actors can stealthily […]

Read More

The Devil’s in the Subtitles

May 23rd, 2017 by CS Research

Wide spread malware affecting media players On May 23rd, 2017, Checkpoint found a vulnerability in four popular media players that uses a new attack vector by creating malicious subtitle files to infect computers, smartphones and smart TVs. Once the files are downloaded, an attacker can potentially take complete control over the device. Over 200 million […]

Read More

WannaCry Recap

May 15th, 2017 by CS Research

Friday could not have come sooner for some last week. For the rest of us, we may have wished Friday never happened. What is now being considered the most “successful” and prolific ransomware campaign took off like a wildfire in a dry forest. We’ve all heard the name, WannaCry, hopefully it did not make anyone […]

Read More

WannaCry IOCs and Technical Details

May 12th, 2017 by CS Research

Technical Details It is currently unclear whether this payload is delivered via malicious attachment or through the WAN using the FuzzBunch EternalBlue SMB exploit. The malware behaves much like typical ransomware during execution on the victim’s machine. Below are the operations that are ran via cmd.exe: /c vssadmin delete shadows /all /quiet & wmic shadowcopy […]

Read More

WannaCry? You might.

May 12th, 2017 by CS Research

Urgent information regarding WanaCrypt/WannaCry/WCry Ransom-ware Outbreak Today, 12 May 2017, a massive ransomware outbreak has been reported across the globe. There are reports of computer systems completely locked up in Russia, Western Europe, East Asia and North America. British hospitals and a Spanish telecom company have been the largest confirmed victims thus far, along with […]

Read More

Zero Trust and Microsegmentation

May 10th, 2017 by Chris Yates

by Chris Yates | Senior Security Architect | [email protected] Adoption of Zero Trust and Micro-Segmentation as core design principles can help improve the security posture of your network and attached systems. However, it is important to understand how we got to our current state in order to understand how these principles can help us. Let’s do a quick […]

Read More

Mitigating Against the Shadow Broker Exploit Dump

April 17th, 2017 by Jim Daniel

On Friday, April 14, a group called “Shadow Brokers” released multiple exploits and tools, purported to be from the NSA, entitled “Fifth Leak: Lost in Translation”. Over the holiday weekend, the Critical Start research team and the greater InfoSec community went through and analyzed many of the tools. Affected Systems The tools are primarily comprised […]

Read More

Threat Intelligence?

April 8th, 2017 by Randy Watkins

by Randy Watkins | Director, Security Architecture | [email protected] With the uptick in Cyber Crime, security professionals are looking for methods to gain an edge.  Many security professionals are attempting to gain this edge using detection technologies like Intrusion Prevention Systems (IPS), or logging solutions like System Information and Events Monitors (SIEMs) and Endpoint Detection and […]

Read More

Hijacking the CEO’s Email Account

October 13th, 2016 by Jim Daniel

Why Security Teams Need a Second Set of Eyes During a recent penetration test, I hijacked the client’s email server, posed as the client CEO, and sent a fraudulent email to the client CFO asking the CFO to wire $10,000 USD to an offshore bank account. Interestingly, after receiving a string of actual malicious phishing […]

Read More

On the Reliance of Client Side Security

September 22nd, 2016 by Jim Daniel

I recently conducted a penetration test of a web application. Because of design decisions, I was able to bypass CAPTCHA to brute force user accounts and, ultimately, bypass file upload restrictions to upload malware onto the web server and into the internal network environment. The owner had taken a healthy view of security, had conducted […]

Read More

Picking the Right Silver Bullet

May 15th, 2016 by Randy Watkins

  With the current state of cyber security, the market has become inundated with “solutions”. When every manufacturer is selling hammers, then all problems look like a nail. Security personnel are expected to evaluate solutions, while still trying to find time for operational tasks. After the media fills executives’ minds with the latest security buzzwords, […]

Read More

What Are the Mistakes That Get Hackers Arrested?

April 29th, 2016 by Rob Davis

At Critical Start we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels.  We group threat actors skill levels into: Untrained Attacker (just gets lucky) Novice Attacker Intermediate (using automated tools mostly) Advanced Expert Phineas Fisher is a Blackhat hacker and […]

Read More

Field Offices

Connect With us