Subscribe to the Red Canary blog to get breaking threat intelligence, detection guidance, and other educational content delivered to your inbox. redcanary.com/blog/#subscribe

It's Koi phishing season! Red Canary Intel has been tracking an activity cluster that drops Koi Loader and a final payload of a .NET stealer. redcanary.com/blog/threat-in…

'To be an engineer is to be a storyteller.' One of our software engineers sat down with Built In Colorado to explain how writing a narrative and coding an application have a lot more in common than you'd think. builtincolorado.com/articles/pride…

Is your security Kenough?? A couple of our brilliant detection engineers explore this question today at 2pm ET. Watch live or on demand -- redcanary.com/resources/webi…

Here's a look under the hood at our managed detection and response (MDR) solution for Microsoft Azure. redcanary.com/blog/security-…

Exciting news! Red Canary now ingests telemetry from Google Cloud Platform (GCP) Audit logs. This means 24x7 threat detection & response, deeper investigations, and greater visibility into your #GCP environment.

Read more: redcanary.com/blog/product-u…

The countdown's on! Just 2 weeks until the Gartner Security & Risk Management Summit in National Harbor, MD. Red Canary will be at booth #457. Stop by, say hello, and grab some exclusive #RedCanary gear (we may even have a few surprises in store). redcanary.com/resources/even…

👋We attempted to take a look at detecting Service Principals reading mail.

Also provided is a prototype 'Big Yellow Taxi' KQL query to find abnormal applications reading mail based on access to our own dataset with some BEC examples.

Hope it's helpful !

If you're in Arlington next week, don't miss Jason Killam's must-see talk SLEUTHCON! He'll dive into the sneaky rise of signed malware, how to identify it, and why defenders should make an effort to get the certificates revoked.

Learn more: sleuthcon.com

Want to catch up on webinars from Red Canary? Subscribe to our YouTube channel! youtube.com/c/RedCanary

Cloud architects need speed. Detection engineers need to stop threats. Can these seemingly opposing forces work together to ensure a secure cloud environment? Join us on Wednesday, June 5 at 3p ET to find out! redcanary.com/resources/webi…

The service principals in Microsoft’s Entra ID can be a boon for business email compromise, but they’re also a key log source for detection. redcanary.com/blog/threat-de…

🔐 We're excited to announce that Red Canary will be joining us as the Bronze Sponsor at the Cyber Security & Cloud Congress North America on June 5th and 6th, 2024!🤝Visit Red Canary booth number 200 to discover more about their innovative products and services. See you there!

Keep up with all things atomic!

Join the Atomic Red Team mailing list to receive updates on the Atomic Red Team family of open source tools and libraries, including test showcases, new releases, and more. redcanary.com/atomic-red-tea…

Buckle up! Tony Lambert has taken a detour through the streets of 'Grand Theft Creds' 🚔🚨🕹️

Tony unpacks the mechanics of information-stealing malware with the expertise of a seasoned pro.

Watch the video now: youtube.com/watch?v=Pt4GXF…

x.com/forensicitguy/…

For even more details on PowerShell, watch our webinar from last year: youtube.com/watch?v=FDpAAY…

While building out a hybrid SOC, how do you decide what to keep in-house and what to outsource? Here’s a simple approach: focus on what’s unique to your business. redcanary.com/blog/manage-yo…

Red Canary Live lands at U.S. Bank Stadium in Minneapolis on 5/30. Explore the critical role of intelligence in the modern SOC. Plus, tour the home of the Minnesota Vikings! Register now: redcanarylive.cventevents.com/event/minneapo…

#RedCanaryLive | #ThreatIntelligence

Analogy time: Cat Self from ATT&CK explains how stashing a file in an installer package is like packing up to move houses.

Watch more clips from our latest Detection Series webinar on our recap blog: redcanary.com/blog/threat-de…