The Gigamon Applied Threat Research (ATR) team’s mission is to dismantle the ability of an adversary to impact our customers. Our team of expert security researchers, engineers and analysts focuses on continuous research into threat actors and emerging attack techniques, and builds leading-edge detection and investigation capabilities leveraging the vast Gigamon ThreatINSIGHT network of telemetry and intelligence datasets.
Gigamon ATR
As the security industry continues to see a rise in breaches associated with financially motivated threat groups, it becomes increasingly important to understand their motives, objectives and operations.
BankInfo Security
FIN8, a hacking group that made a big splash in 2017 but disappeared before re-emerging earlier this year, is now using a new method to attack point-of-sale systems with the aim of stealing payment card information.
ZDNet
FIN8 is distributing new malware as part of its ongoing goal of stealing and selling payment information from customers of retailers and the hospitality sector.
Gigamon ATR
The Gigamon Applied Threat Research (ATR) team report reveals the behaviors of Emotet, LokiBot and TrickBot, and illustrates a successful methodology for combating cybersecurity threats.
Dark Reading
An active exploitation of a zero-day vulnerability in Adobe Flash allows for a maliciously crafted Flash object to execute code on a victim’s computer to gain command line access to the system.
Black Hat Europe 2018
Adversaries love leveraging legitimate functionality like DCOM for malicious purposes, yet NSM techniques are rarely discussed. Explore DCOM as a lateral movement technique.
ZDNet
FIN7, a group behind the theft of billions worldwide, has changed its plan of attack in targeting businesses. Its change of payload may cause detection issues for legacy signatures and detections.
Ars Technica
As browsers make it increasingly hard to exploit vulnerabilities in Adobe Flash, hackers move to using Microsoft Office to remotely load Flash content that used a zero-day flaw to take control of computers.
Dark Reading
Threat actors know employees usually trust, and have control over, downloading extensions. Using this, they can execute code via seemingly legitimate applications to gain a foothold.
Director, Applied Threat Research
Josh Day, Director of Applied Threat Research (ATR), is working to dismantle adversary impact through novel threat research and enhanced product capability. Prior to joining Gigamon, Josh served in the United States Air Force working with the National Security Agency (NSA) where he led and conducted computer network operations. He then transitioned to both the private sector and the defensive side of information security, where he focused on hunting for adversaries in customer networks, and teaching others to do the same. Most recently, he was the lead author of endpoint and network detection content for a Managed Detection and Response (MDR) provider.
Senior Manager, Applied Threat Research
Michael Lin leads the analytics and security engineering teams within Applied Threat Research (ATR) in the research and development of machine learning capabilities. Prior to Gigamon, Michael co-founded DiDi Labs where he led research and development of an endpoint protection platform and secure email gateway. His previous work includes conceiving and developing detection engines at FireEye Labs, developing a security content management system, and vulnerability research.
Distinguished Security Engineer
Dan Caselden leads the ATR team's efforts in researching and prototyping detection capabilities for the latest threats through his expertise in exploit and binary analysis. Prior to Gigamon, Dan built the Vulnerability Research Team at FireEye and ran the Zero-Day Discovery Center responsible for finding previously unknown vulnerabilities and exploitation techniques. His previous work includes binary program analysis at UC Berkeley with BitBlaze, exploit development, DRM analysis, and IP expert witness support from ISE.