Applied Threat
Research Team
A world-class team giving bad guys a bad day
The Gigamon Applied Threat Research (ATR) team has a mission to create leading-edge detection, investigation and response capabilities to support the Gigamon Insight solution through world-class threat research.
Our experts leverage Insight to continually research and understand the emerging capabilities, tactics and motivations of today’s threat actors. In addition, the research team disrupts threats by developing and curating detection capabilities for Gigamon Detect that enable you to identify known threat indicators and generic adversary behavior.
Network Forensic Analysis in an Encrypted World
Learn about the research and methodologies for performing network forensic analysis of encrypted communications streams from ICEBRG Co-founder, William Peteroy and Principal Security Engineer, Justin Warner.
ARS Technica
Stymied by browsers, attackers embed Flash 0-day inside MS Office document
As browsers make it increasingly hard to exploit vulnerabilities in Adobe Flash, hackers move to using Microsoft Office to remotely load Flash content that used a zero-day flaw to take control of computers.
Dark Reading
Four malicious Google Chrome extensions affect 500K users
Threat actors know employees usually trust, and have control over, downloading extensions. Using this, they can execute code via seemingly legitimate applications to gain a foothold.
ZDNet
Carbanak hackers pivot plan of attack to target banks, the enterprise
FIN7, a group behind the theft of billions worldwide have changed their plan of attack in targeting businesses. Their change of payload may cause detection issues for legacy signatures and detections.
Applied Threat Research Blog
ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST
The Gigamon ATR team (formerly ICEBRG’s Security Research Team) has identified active exploitation of a zero-day vulnerability in Adobe Flash that appears to target persons and organizations in the Middle East.
MORE EXTENSIONS, MORE MONEY, MORE PROBLEMS
In January, ICEBRG (acquired by Gigamon) disclosed the presence of malicious Google Chrome extensions that were impacting over a half-million endpoints worldwide, enabling a massive click-fraud campaign and exposing significant risk to enterprises.
MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES
Most leading web browsers, including Google Chrome, offer users the ability to install extensions. While these web-based applications can enhance the user's overall experience, they also pose a threat to workstation security with the ability to inject and execute arbitrary code.
Josh Carlson
Vice President, Applied Threat Research
BIO
Josh Carlson is Vice President of the Gigamon Applied Threat Research team and a co-founder of ICEBRG with more than 15 years of experience in security at the National Security Agency (NSA) and Microsoft. Having spent his career on both the offensive and defensive side of the keyboard, Josh has a passion for building teams and products that enable security operations.
Dan Caselden
Senior Director, Security Research
BIO
Dan Caselden leads the ATR team efforts in researching and prototyping detection capabilities for the latest threats through his expertise in exploit and binary analysis. Prior to Gigamon, Dan built the Vulnerability Research Team at FireEye and ran the Zero-Day Discovery Center responsible for finding previously unknown vulnerabilities and exploitation techniques. His previous work includes binary program analysis at UC Berkeley with BitBlaze, exploit development, DRM analysis, and IP expert witness support from ISE.
Justin Warner
Principal Security Engineer
BIO
Justin Warner is a Principal Security Engineer responsible for conducting threat research and development of network threat detection capabilities. Justin is an US Air Force Academy graduate and served four years as a US Air Force Cyber Operations Officer supporting the US Intelligence Community at the National Security Agency (NSA) before transitioning to private sector. Prior to Gigamon, Justin spent three years as a red team lead where he conducted offensive operations against large multinational corporations and government entities giving him a deeper understanding of threat operations. Justin regularly speaks at various information security conferences and has a passion for sharing research with the community.
Connect with Other Security Experts
Join the conversation in the Gigamon Community Security group.
