Post 2119921 by jerephil@cascadia.social
Post #2064379 by thegibson@hackers.town
2018-12-17T23:38:17Z
0 likes, 0 repeats
#infosec time. So I wanted to give you guys a look at what I see in the CarbonBlack PSC when some unfortunate soul executes a cryptolocker variant. Screenshot 1 below is the event as logged, showing me the TTPs in use. Of note here is the "WinWord.exe data_to_encryption" tactic. The second screenshot shows that a legitimate app tried to execute. The third, the malware that slipstreamed all this activity and tried to succeed at causing someone to have a very bad day... you see, two of those servers shown in the screenshots are the local fileservers... that would have been disastrous.
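The "WinWord.exe data_to_encryption" tactic called out above is the generic behaviour a defender wants to catch: an Office process, or something it spawned, mass-writing high-entropy data to file shares. The script below is an added example written for this thread, not code from the post, from the EDR it describes or from any vendor. The event schema, field names, process names, share paths and thresholds are all constructed assumptions for illustration; real telemetry carries different fields and volumes.

```python
"""Toy detection: Office-descended process writing many high-entropy files to shares.

Added example, not from the original post or from Carbon Black. Event format,
names and thresholds are assumptions chosen for illustration only.
"""
import math
from collections import Counter, defaultdict

# Processes whose lineage we treat as "document-driven" (assumed list).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample telemetry (not real data). Two event types:
#   process  : host, pid, ppid, image
#   filewrite: host, pid, path, data (bytes actually written)
EVENTS = [
    {"type": "process", "host": "ws01", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process", "host": "ws01", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"type": "process", "host": "ws01", "pid": 300, "ppid": 200, "image": "cmd.exe"},
    # hypothetical dropped payload name, spawned under the Word lineage
    {"type": "process", "host": "ws01", "pid": 400, "ppid": 300, "image": "example_payload.exe"},
    {"type": "process", "host": "ws01", "pid": 500, "ppid": 100, "image": "notepad.exe"},
    # The Office-descended process rewrites six documents on a file share with
    # byte-uniform content (maximum entropy), mimicking encryption output.
    *[
        {"type": "filewrite", "host": "ws01", "pid": 400,
         "path": f"\\\\fs01\\share\\doc{i}.docx.locked", "data": bytes(range(256))}
        for i in range(6)
    ],
    # Word itself saves one ordinary low-entropy file: benign.
    {"type": "filewrite", "host": "ws01", "pid": 200,
     "path": "\\\\fs01\\share\\report.docx", "data": b"plain text " * 30},
    # Notepad writes several local low-entropy files: benign, and not Office-descended.
    *[
        {"type": "filewrite", "host": "ws01", "pid": 500,
         "path": f"C:\\Users\\a\\note{i}.txt", "data": b"notes " * 20}
        for i in range(6)
    ],
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for a uniform byte distribution)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def office_descendants(events):
    """Return the set of (host, pid) whose ancestry (self included) contains an Office image."""
    parent, image = {}, {}
    for e in events:
        if e["type"] == "process":
            key = (e["host"], e["pid"])
            parent[key] = (e["host"], e["ppid"])
            image[key] = e["image"].lower()
    tainted = set()
    for key in image:
        cur, seen = key, set()
        # Walk up the process tree until the root or an unknown parent.
        while cur in image and cur not in seen:
            seen.add(cur)
            if image[cur] in OFFICE_IMAGES:
                tainted.add(key)
                break
            cur = parent[cur]
    return tainted


def is_share_path(path: str) -> bool:
    """UNC path check: the post's concern was writes hitting the local file servers."""
    return path.startswith("\\\\")


def detect_office_encryption(events, min_files=5, min_entropy=7.0):
    """Map (host, pid) -> list of share paths for Office-descended processes that
    wrote at least `min_files` high-entropy files to shares. Thresholds are assumed."""
    tainted = office_descendants(events)
    per_proc = defaultdict(list)
    for e in events:
        if e["type"] != "filewrite":
            continue
        key = (e["host"], e["pid"])
        if key in tainted and is_share_path(e["path"]) \
                and shannon_entropy(e["data"]) >= min_entropy:
            per_proc[key].append(e["path"])
    return {k: v for k, v in per_proc.items() if len(v) >= min_files}


if __name__ == "__main__":
    for (host, pid), paths in detect_office_encryption(EVENTS).items():
        print(f"ALERT {host} pid={pid}: {len(paths)} high-entropy share writes, e.g. {paths[0]}")
```

Only the process under the Word lineage trips the rule; Word's own save is low-entropy and Notepad's burst is neither Office-descended nor on a share. In practice the lineage check is what gives this signal its value, since a standalone "many writes" rule fires on backup agents and compilers all day.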
Post #2064506 by thegibson@hackers.town
2018-12-17T23:42:28Z
0 likes, 0 repeats
sorry, third screenshot was wrong.
Post #2119017 by crazypedia@toot.chat
2018-12-20T01:51:00Z
0 likes, 0 repeats
@thegibson One day I'll work somewhere that gets all the lovely tools like CB. This is very cool, and I could do incident response and investigation like this all day.
Post #2119326 by thegibson@hackers.town
2018-12-20T02:02:05Z
0 likes, 0 repeats
@crazypedia I think it's the best EDR on the market. I am a partner and reseller; I may be biased.
Post #2119347 by crazypedia@toot.chat
2018-12-20T02:03:54Z
0 likes, 0 repeats
@thegibson No, I've sat in a few different road shows and workshops. If I had the resources and a large enterprise environment, this would be a must. I'd trust this over most outsourced SOCs.
Post #2119377 by thegibson@hackers.town
2018-12-20T02:05:42Z
0 likes, 0 repeats
@crazypedia Not trying to make a sale, but we do hosting for smaller environments. Under 75 seats, we can host the PSC.
Post #2119446 by crazypedia@toot.chat
2018-12-20T02:10:28Z
0 likes, 0 repeats
@thegibson Ours is a team of 4, one of which is a part-time contractor, and an environment that is far too early in the maturity model.
Post #2119704 by jerephil@cascadia.social
2018-12-20T02:23:04Z
0 likes, 0 repeats
@thegibson We are currently rolling out SentinelOne. How would you compare the two?
Post #2119756 by thegibson@hackers.town
2018-12-20T02:25:10Z
0 likes, 0 repeats
@crazypedia Well, I can help you if you ever decide to take a look... let me know. Also, you should check out the PSC instead... much more endpoint protection oriented, requires less staff, and gives you most of the threat hunting of Response. You don't even have to buy it from me. :)
Post #2119837 by thegibson@hackers.town
2018-12-20T02:29:31Z
0 likes, 0 repeats
@jerephil I eval'd SO when we were deciding on a new partner after Kaspersky's collapse. We ended up with Carbon Black. As I recall, SO was a decent product, but CB's kill chain visualization and detection rate were better... it really came down to actionable intel... and CB beat everyone in the ability to give you info and action you could take enterprise wide, immediately.
Post #2119921 by jerephil@cascadia.social
2018-12-20T02:33:20Z
0 likes, 0 repeats
@thegibson SO seems to have much better pricing than CB, but I don't know what CB partner pricing is like. SO was chosen prior to the merger, so I am mainly just curious. :)
Post #2119943 by thegibson@hackers.town
2018-12-20T02:35:11Z
0 likes, 0 repeats
@jerephil SO wasn't a bad product... It came down to them, Cybereason, and CB... My negotiated partner pricing on CB is stupid, like almost 60% off MSRP. We sell a lot of their product... they like me.