Our blog is a playground with fresh ideas about security and our approach

19 Jan

Deception Isn’t Plug and Play


Deception in cybersecurity offers a way to catch insider threats, a way to get alerts that are virtually 100% accurate, and a way to receive real time threat intel on your attack surface. So it should come as no surprise that deception as a solution is more than plugging in a box and hoping for the best. Wait, what? Surely as a provider you want to say things are a ‘super easy, fire and forget one-click to paradise’?

13 Jan

Cobalt Strike Explained—What it is and How to Detect it | Founder Chat


Cobalt Strike is a penetration testing tool that allows attackers to deploy beacons on a victim’s machine. It is used in the post-exploitation stage, and it allows attackers to move laterally, escalate privileges, and other useful actions. In this video, we talk about how criminals are making use of this tool with cracked versions across the internet. Does Cobalt Strike make a safer cyber world? Watch the debate with our C-suite and see the three ways we recommend detecting Cobalt Strike.

12 Jan

CounterCraft Threat Intel Software and Services on GSA Schedule


Today, we’re proud to share that CounterCraft’s Cyber Deception Platform and expert threat intelligence services are now available on iGov’s GSA Schedule and GSA Advantage. The GSA Schedule is a large government-wide contract that serves as a marketplace for federal agencies and state and local governments to purchase products and services. This means that anyone in the government can now utilize our market-leading deception software by simply going online and purchasing through the shopping cart.

5 Jan

Top Cybersecurity Threats to Watch In 2022


Will 2022 be the year of cybersecurity? 2021 was the year we adjusted as a society to the new normal, a world with a deadly virus in permanent circulation. Our lives became ever more digital, and threat actors have not hesitated to take advantage of this new, and often underprotected, landscape. According to the 2021 IDG Security Priorities Study, “90% of security leaders believe their organization is falling short in addressing cyber risk”.

30 Dec

What We're Reading


2021 was a wild ride when it came to the cybersecurity sector. Loads of interesting news (and one big one) kept us busy in December. Read on for what our team has found interesting this month. Log4Shell: RCE 0-Day Exploit Found in Log4J This regularly updated post is a great place to find information on the latest vulnerability to rock the sector, the log4j vulnerability. The post includes an Updated Mitigation Guide, including an automated scanning tool.

28 Dec

A Look Back at 2021 | Founder Chat


2021 was quite a year in the cybersecurity realm. Watch as our founders, Dan Brett and David Barroso, take a look back at the year’s highlights, big news, and goings on at CounterCraft. In this video, they talk about which predictions David got right last year at this time, the most widely read content on our site this year, and what happened in 2021 at CounterCraft. Watch to the end to get a sneak preview of a special project coming up in 2022.

23 Dec

Letter from the Founders


December 23, 2021 From our R&D headquarters in San Sebastián, Spain “A New Hope” 2021 has been a remarkable year for everyone around the world, and the same holds true for the team at CounterCraft. In the midst of the personal and societal difficulties and tragic consequences of the COVID pandemic, we have found some glimmers of positivity. We are really pleased to share that 2021 has been an outstanding year for CounterCraft.

21 Dec

Kubernetes as a Deception Platform: Introduction


You may have heard of Kubernetes, what it is and how it works. At the moment it is one of the hottest technologies when it comes to building a distributed environment in the cloud, public or private. This is the first of several blog posts in the Kubernetes as a Deception Platform series. In this series, you will learn about Kubernetes and why it matters from a cybersecurity point of view.

17 Dec

Cyber CEOs React to log4j Vulnerability


The “worst computer vulnerability in decades” is how professionals are categorizing the recently discovered log4j vulnerability. Watch this video, featuring CounterCraft CSO Dan Brett and CEO David Barroso, to get their take on the log4 vulnerability. Find out what happened when CounterCraft deployed deception decoys across the internet featuring the vulnerability. Log4Shell, a critical security flaw in Log4j, This open source logging software is employed in everything from Minecraft to enterprise software, and since the vulnerability was discovered a week ago, security teams are rushing to fix it while threat actors try to take advantage of it.

16 Dec

The Psychology of Cyber Deception


Digital attacks are assaults, often anonymous, that have a global impact and a huge economic toll. Even so, behind every attack is not some super computer, but a person. Attackers are human, too. Attackers’ human nature is a weakness to be exploited by defenders in the cybersecurity realm. In previous posts we talked about how knowledge about your assets and network, information your adversaries don’t have (at least, at first glance ), can be used to the defender’s benefit when building a more resilient security solution.

Page 1 of 22