Decrypt and expose malware with SSL/TLS Decryption.
Solution Brief: Investigate, hunt, detect and respond to threats with Gigamon Insight
Video: Moving to the Cloud with GigaSECURE®
ebook: A Sampling of Malicious E-Mail Attachments
Gigamon Applied Threat Research Team
Applied Threat
Research Team
Securing our Customers with Leading-Edge Threat Research
The Gigamon Applied Threat Research (ATR) team’s mission is to dismantle the ability of an adversary to impact our customers. Our team of expert security researchers, engineers and analysts focuses on continuous research of threat actors, emerging attack techniques, and builds leading-edge detection and investigation capabilities leveraging the vast Gigamon Insight network of telemetry and intelligence datasets.
Unraveling the Threat of Chrome Based Malware
Justin Warner and Spencer Walden share a technical analysis of an (allegedly) friendly Google Chrome extension that enabled a potentially massive click fraud campaign with over 200k+ downloads.
Network Forensic Analysis in an Encrypted World
Learn about the research and methodologies for performing network forensic analysis of encrypted communications streams from ICEBRG Co-founder, William Peteroy and Principal Security Engineer, Justin Warner.
Dark Reading
Adobe Flash Zero-Day Spreads via Office Docs
An active exploitation of a zero-day vulnerability in Adobe Flash allows for a maliciously crafted Flash object to execute code on a victim’s computer to gain command line access to the system.
Black Hat Europe 2018
Network Defender Archaeology – An NSM Case Study in Lateral Movement
Adversaries love leveraging legitimate functionality like DCOM for malicious purposes, yet NSM techniques are rarely discussed. Explore DCOM as a lateral movement technique.
ZDNet
Carbanak hackers pivot plan of attack to target banks, the enterprise
FIN7, a group behind the theft of billions worldwide have changed their plan of attack in targeting businesses. Their change of payload may cause detection issues for legacy signatures and detections.
ARS Technica
Stymied by browsers, attackers embed Flash 0-day inside MS Office document
As browsers make it increasingly hard to exploit vulnerabilities in Adobe Flash, hackers move to using Microsoft Office to remotely load Flash content that used a zero-day flaw to take control of computers.
Dark Reading
Four malicious Google Chrome extensions affect 500K users
Threat actors know employees usually trust, and have control over, downloading extensions. Using this, they can execute code via seemingly legitimate applications to gain a foothold.
Applied Threat Research Blog
ADOBE FLASH ZERO-DAY EXPLOITED IN-THE-WILD
ATR identifies an active exploitation of a zero-day vulnerability in Adobe Flash via a Microsoft Office document. The vulnerability allows for a maliciously crafted Flash object to execute code on a victim’s computer, which enables an attacker to gain command line access to the system.
1H 2018 CRIMEWARE TRENDS: A SAMPLING OF MALICIOUS E-MAIL ATTACHMENTS
The team drills into a sample of email attachment threats used in attacks against Gigamon Insight customers during the first half of 2018, and the detection rates of these samples.
ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST
The Gigamon ATR team (formerly ICEBRG’s Security Research Team) has identified active exploitation of a zero-day vulnerability in Adobe Flash that appears to target persons and organizations in the Middle East.
MORE EXTENSIONS, MORE MONEY, MORE PROBLEMS
In January, ICEBRG (acquired by Gigamon) disclosed the presence of malicious Google Chrome extensions that were impacting over a half-million endpoints worldwide, enabling a massive click-fraud campaign and exposing significant risk to enterprises.
Upcoming Events
FloCon 2019
Beyond False Positive Rates: How Machine Learning can Help Tackle Issues of Scale Other than by Improving Accuracy
Tuesday, January 8 | 3:00 p.m.
Speaker: Lindsey Lack
Josh Carlson
Vice President, Applied Threat Research
BIO
Josh Carlson is Vice President of the Gigamon Applied Threat Research team and a co-founder of ICEBRG with more than 15 years of experience in security at the National Security Agency (NSA) and Microsoft. Having spent his career on both the offensive and defensive side of the keyboard, Josh has a passion for building teams and products that enable security operations.
Dan Caselden
Senior Director, Security Research
BIO
Dan Caselden leads the ATR team efforts in researching and prototyping detection capabilities for the latest threats through his expertise in exploit and binary analysis. Prior to Gigamon, Dan built the Vulnerability Research Team at FireEye and ran the Zero-Day Discovery Center responsible for finding previously unknown vulnerabilities and exploitation techniques. His previous work includes binary program analysis at UC Berkeley with BitBlaze, exploit development, DRM analysis, and IP expert witness support from ISE.
Justin Warner
Principal Security Engineer
BIO
Justin Warner is a Principal Security Engineer responsible for conducting threat research and development of network threat detection capabilities. Justin is an US Air Force Academy graduate and served four years as a US Air Force Cyber Operations Officer supporting the US Intelligence Community at the National Security Agency (NSA) before transitioning to private sector. Prior to Gigamon, Justin spent three years as a red team lead where he conducted offensive operations against large multinational corporations and government entities giving him a deeper understanding of threat operations. Justin regularly speaks at various information security conferences and has a passion for sharing research with the community.
Connect with Other Security Experts
Join the conversation in the Gigamon Community Security group.
