Mr. Robot: The Importance of Getting it Right

Q&A with Andre McGregor & Ryan Kazanciyan, the Tanium Duo Working Behind-the-Scenes on USA Network’s Hit Show

Mr. Robot, USA Network’s critically-acclaimed cyberthriller, offers viewers a peek into the dark fictional world of a vigilante hacker tasked with saving the world. Though the premise sounds like fantasy, the technology and hacking techniques featured in the...

Hunting for Rogue PowerShell Profiles

During the earliest phases of an intrusion, attackers typically move to establish persistence on at least a subset of compromised systems. This might be to ensure that they can easily regain access to the victim environment, such as via a backdoor, or to keep other forms of malicious code running, such as a keystroke logger....

Back to the Basics: Detecting Malicious Windows Services with Tanium

“The theme I really want you to take away [from this presentation] is: if you really want to protect your network, you really have to know your network.” (TAO Chief, NSA, USENIX Enigma 2016)

An essential part of “knowing your network” is tracking endpoint persistence mechanisms – the myriad of ways in which an operating...

Assessing What Matters in an EDR Solution

Looking back at 2015, it’s hard to dispute that the security industry has been flooded with Endpoint Detection and Response (EDR) products. Walk the sponsor floor at any conference or sample the white papers and marketing pitches from any vendor web site, and you’ll see the same claims repeated ad nauseam: “Prevent, Detect, and Respond”...