Blog

Category: Open Source

Five Facts About Open Source Cyber Threat Intelligence

With the persistence with which cyber-crime is affecting individuals and large enterprises alike, you would think that escalating online threats would be in the news more. These threats aren’t “fun facts” but we wish to shine a light on them anyway. Hackers for hire will perpetuate...


Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools

A couple of weeks ago, Nicholas Albright and I from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class and we ended up having more attendees than the maximum class size. This made teaching the...


Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels

ThreatStream Labs recently became aware of a campaign beginning on 30 June 2015 by the omnipresent Wekby threat actors (a/k/a TG-0416, APT-18, Dynamite Panda). The Wekby actors have recently been observed compromising organizations in the Manufacturing, Technology and Utilities verticals, but have had a long-standing interest in the...


The Blind Spot

In cyber security, ignorance is never blissful. It is downright scary. Many security operations teams have yet to develop an internal threat intelligence strategy and are currently operating with large blind spots when it comes to threats. Let's walk through a simple scenario to help you...


Digging into ShellShock Exploitation attempts using ShockPot Data

Late last week we developed and released a new open source honeypot, Shockpot, designed to mimic servers vulnerable to ShellShock (CVE-2014-6271) and automatically download payloads from exploitation attempts. In this blog post we characterize the attacks our global deployment of Shockpot honeypots saw as well as the payloads...


Introducing ShockPot: The intelligence driven defense against ShellShock

While the security community is still recovering from the Heartbleed exploit disclosed this past April, here comes another game-changing vulnerability: ShellShock. The simple but severe vulnerability is in one of the most commonly deployed command line software shells and puts millions of systems at risk to local and...


Latest Security Trends - Blackhat, Defcon and B-Sides wrap-up

How are we advancing security? As the annual conferences have come to a wrap, there are some exciting trends to come out of the industry's most exciting annual conferences. Some of the key take-aways align directly with the vision and products of...


Create an Army of Raspberry Pi Honeypots on a Budget

Hi! My name is Nathan Yee and I’m an intern at ThreatStream. I’m studying computer science and mathematics at the University of Arizona. Most recently, I worked on deploying a Raspberry Pi as a Dionaea honeypot for the recently announced Modern Honey Network project. Why Internal...


Modern Honey Network

Today we are excited to announce the Modern Honey Network (MHN). MHN is an enterprise-ready honeypot management system which enables organizations to create a fully functional active-defense network in minutes. Honeypots have not received wide adoption as an enterprise defense largely because the deployment and management has been a...
