Arbitrary Code Guard vs. Kernel Code Injections

Throwback to May 2018, when we analyzed the common means of attack used by the WannaCry and Slingshot malware. The Windows 10 Creators Update had just been released and introduced new techniques for mitigating remote code execution. This blog focuses on one mitigation technique in particular: the Arbitrary Code Guard, an update on the dynamic Code Restrictions mitigation. Alonso Candado, Security Software Engineer at CounterCraft, demonstrates how the Arbitrary Code Guard works, and tests its effectiveness against kernel code injections that are commonly used by malware. Refresh your memory and read it in full here.

This is what enterprise cyber counterintelligence looks like

This blog post celebrates our deep expertise in cyber security, applied digital counterintelligence methods, and related technologies following recognition from Red Herring and 2018 Info Security Product Guide at RSA Conference 2018. Here we take a closer look at each of our four primary Cyber Deception platform components – Deception Assets, Deception Support Nodes, the Deception Director, and the Console – as well as the unique capabilities built into the Cyber Deception Platform that simplify lifecycle management across the deception environment to deliver highly actionable intelligence. Go back to basics with the original blog.

Adopt robust breach detection and meet one of the key GDPR requirements

Following the enforcement of the new GDPR on 25 May 2018, we launched this white paper that explains the specific requirements organisations must adopt in order to comply with Article 83 and its reference to data breaches. This resource focuses on the need for organisations to ensure that they have robust breach detection and investigation mechanisms in place, and the way in which the CounterCraft Cyber Deception Platform can be applied to solve this need. Data breaches are often talked about solely in the context of regulatory costs and short-term damage to share prices. It is important to consider, however, the high-value, indirect financial losses that are also incurred by any cyber attack, regardless of whether it makes the headlines. Warm up for the full white paper with the summary blog.

Deception deconstructed: how CounterCraft 2.0 works

Richard Barrell, Product Manager at CounterCraft, seized the opportunity to delve into the detail following the momentous release of CounterCraft 2.0 at the end of September 2018. This is an enlightening overview of a product release that represented a new level in development for CounterCraft and serves as a strong reminder of why deception is so effective in the context of threat intelligence. This blog breaks down the components of deception and the platform itself, and explains how the results reveal valuable insights into who is trying to attack and, more importantly, why. Watch this space for more developments in 2019 that will continue to revolutionize the role of the Threat Hunter. Take another look today.

How to fight threats in the modern age

This blog was written by Mikel Gastesi, Senior Threat Analyst at CounterCraft, and focuses on attack attribution. Mikel connects the dots between traditional problem-solving techniques and deception, with emphasis on the need to develop systems that are realistic, complete, and worthy of breaking into. Mikel also helps us to differentiate threat modeling and threat mapping, with acknowledgement for the MITRE ATT&CK knowledge base as well as the exemplary work done by the threat fighting community. While there is no single solution, this article concludes that the growing maturity of our tools and knowledge is in fact enough to strengthen our defenses. Familiarize yourself with the facts and revisit the blog here.