Applied Threat
Research Team
Securing our Customers with Leading-Edge Threat Research
The Gigamon Applied Threat Research (ATR) team’s mission is to dismantle the ability of an adversary to impact our customers. Our team of expert security researchers, engineers and analysts focuses on continuous research of threat actors, emerging attack techniques, and builds leading-edge detection and investigation capabilities leveraging the vast Gigamon ThreatINSIGHT network of telemetry and intelligence datasets.
Unraveling the Threat of Chrome Based Malware
Justin Warner and Spencer Walden share a technical analysis of an (allegedly) friendly Google Chrome extension that enabled a potentially massive click fraud campaign with over 200k+ downloads.
Network Forensic Analysis in an Encrypted World
Learn about the research and methodologies for performing network forensic analysis of encrypted communications streams from ICEBRG Co-founder, William Peteroy and Principal Security Engineer, Justin Warner.
Gigamon ATR
A Look Inside Financially Motivated Attacks
As the security industry continues to see a rise of breaches associated with financially motivated threat groups it becomes increasingly important to understand their motives, objectives and operations.
BankInfo Security
FIN8 Group Returns, Targeting POS Devices With New Tools
FIN8, a hacking group that made a big splash in 2017 but disappeared before re-emerging earlier this year, is now using a new method to attack point-of-sale systems with the aim of stealing payment card information.
ZDNet
Cybercrime gang add new tactics to credit card data-stealing campaign
FIN8 is distributing new malware as part of its ongoing goal of stealing and selling payment information from customers of retailers and the hospitality sector.
Gigamon ATR
How The Most Prolific Malware Traversed Your Network
The Gigamon Applied Threat Research (ATR) team report reveals the behaviors of the Emotet, LokiBot and TrickBot, and illustrates a successful methodology to combatting cybersecurity threats.
Dark Reading
Adobe Flash Zero-Day Spreads via Office Docs
An active exploitation of a zero-day vulnerability in Adobe Flash allows for a maliciously crafted Flash object to execute code on a victim’s computer to gain command line access to the system.
Black Hat Europe 2018
Network Defender Archaeology – An NSM Case Study in Lateral Movement
Adversaries love leveraging legitimate functionality like DCOM for malicious purposes, yet NSM techniques are rarely discussed. Explore DCOM as a lateral movement technique.
ZDNet
Carbanak hackers pivot plan of attack to target banks, the enterprise
FIN7, a group behind the theft of billions worldwide have changed their plan of attack in targeting businesses. Their change of payload may cause detection issues for legacy signatures and detections.
ARS Technica
Stymied by browsers, attackers embed Flash 0-day inside MS Office document
As browsers make it increasingly hard to exploit vulnerabilities in Adobe Flash, hackers move to using Microsoft Office to remotely load Flash content that used a zero-day flaw to take control of computers.
Dark Reading
Four malicious Google Chrome extensions affect 500K users
Threat actors know employees usually trust, and have control over, downloading extensions. Using this, they can execute code via seemingly legitimate applications to gain a foothold.
Applied Threat Research Blog
Josh Carlson
Vice President, Applied Threat Research
BIO
Josh Carlson is Vice President of the Gigamon Applied Threat Research team and a co-founder of ICEBRG with more than 15 years of experience in security at the National Security Agency (NSA) and Microsoft. Having spent his career on both the offensive and defensive side of the keyboard, Josh has a passion for building teams and products that enable security operations.
Justin Warner
Director, Applied Threat Research
BIO
Justin Warner is a Principal Security Engineer responsible for conducting threat research and development of network threat detection capabilities. Justin is an US Air Force Academy graduate and served four years as a US Air Force Cyber Operations Officer supporting the US Intelligence Community at the National Security Agency (NSA) before transitioning to private sector. Prior to Gigamon, Justin spent three years as a red team lead where he conducted offensive operations against large multinational corporations and government entities giving him a deeper understanding of threat operations. Justin regularly speaks at various information security conferences and has a passion for sharing research with the community.
Dan Caselden
Distinguished Security Engineer
BIO
Dan Caselden leads the ATR team efforts in researching and prototyping detection capabilities for the latest threats through his expertise in exploit and binary analysis. Prior to Gigamon, Dan built the Vulnerability Research Team at FireEye and ran the Zero-Day Discovery Center responsible for finding previously unknown vulnerabilities and exploitation techniques. His previous work includes binary program analysis at UC Berkeley with BitBlaze, exploit development, DRM analysis, and IP expert witness support from ISE.
Josh Day
Principal Security Engineer, Applied Threat Research
BIO
Josh Day is the technical lead for the detection and intel teams within ATR. Prior to joining Gigamon, Josh served in the United States Air Force working with the National Security Agency (NSA) where he led and conducted computer network operations. He then transitioned to both the private sector and the defensive side of information security, where he focused on hunting for adversaries in customer networks, and teaching others to do the same. Most recently, he was the lead author of endpoint and network detection content for a Managed Detection and Response (MDR) provider.
Connect with Other Security Experts
Join the conversation in the Gigamon Community Security group.
- ©Gigamon 2019