Our blog is a playground with fresh ideas about security and our approach.

29 Apr

Practical application of MITRE ATT&CK™ in threat hunting


The MITRE ATT&CK™ knowledge base framework is not only an excellent resource, it also provides the global cybersecurity community with a common language for explaining incidents and understanding how attackers operate. Incorporating it into our deception solution allows us to represent and visualize what is actually happening in a controlled and monitored environment, modeling the cyber attack in real time. Further to this, it displays information in a way we, analysts, are becoming more familiar with, giving us an increasingly thorough understanding of what the data is showing us.

15 Apr

Nine dates for your cyber security diary


The global events calendar for the cyber security industry never fails to provide us with plenty of opportunities to connect, collaborate and catch up with friends old and new. Wherever your 2019 schedule takes you, don’t miss the chance to get fresh cyber security updates, stay up to date with the newest threat trends and catch up with the cybersecurity community at the following leading industry conferences, summits and symposiums.

29 Mar

Tool Up Your Threat Hunting Team with Deception Technology


Deception is a natural fit with threat hunting and threat intelligence gathering: it allows teams to engage with adversaries earlier in the attack sequence that has been defined by the MITRE ATT&CK framework. Here we explore and explain the benefits of using high-end, full-spectrum deception in the context of today’s threat hunting challenges. Download the full white paper. Strike first: Security has always been a game of cat and mouse, in which the defender is always one step behind the enemy.

6 Mar

CounterCraft presents fully MITRE integrated platform that tools up threat hunting teams at RSA Conference SF


It’s the third year running at USA RSA Conference for CounterCraft, and this year we’re proud to be representing the UK Government’s Department of International Trade as GCHQ alumni, as the business continues to expand its presence in the UK and global market. The groundbreaking CounterCraft platform aims to revolutionize the lives of threat hunters and analysts the world over, and is the product of continuous and meticulous customer-driven development. The most recent iteration delivers a vastly improved user experience and allows organizations to engage with and control attackers within highly credible synthetic environments.

18 Feb

4 things we’re most looking forward to at RSA Conference 2019


You’ll find us at RSA Conference 2019, 4-8 March, in sunny San Francisco, in the South Expo, booth 3342. We recommend getting in touch to book a demo or a meeting in advance to help you make the most of your time at the conference. CounterCraft CEO, David Barroso, will be joined by CSO Dan Brett and Threat Intelligence Business Area Lead, Nahim Fazal, so don’t miss your chance to get to know the team better, or catch up over a beer if you’re already acquainted.

6 Feb

Café con Leche with Dan Brett, Chief Strategy Officer at CounterCraft


Last year CounterCraft celebrated many milestones and successes, and pivotal to it all was none other than Co-Founder and CSO, Dan Brett. Dan works hand in hand with CEO, David, in leading the business and oversees the end-to-end sales and marketing operation. We secured a slot in his diary to sit down and talk about some of the next steps planned for CounterCraft, and to get his views on the state of the cyber deception market.

22 Jan

Using Deception to Protect Active Directory Pt. 2


[This is part two of a two-part series to describe how CounterCraft deception technology can be used to protect Microsoft Active Directory] In the previous post we talked about the basic concepts behind a typical campaign deployed to protect an Active Directory installation using the CounterCraft Cyber Deception Platform. The deception technology is used to detect this activity in three distinct areas: 1) Detecting Enumeration of AD Credentials at the Endpoint

14 Jan

Using Deception to Protect Active Directory Pt. 1


[This is part one of a two-part series to describe how CounterCraft deception technology can be used to protect Microsoft Active Directory] Microsoft Active Directory is really the default enterprise network operating system. It’s everywhere. It is where we store all our network, user and infrastructure data. To quote the O’Reilly big book of “Active Directory”¹: “Active Directory enables administrators to manage enterprise-wide information efficiently from a central repository that can be globally distributed.

17 Dec

Our top 5 most read cybersec blogs of 2018


Arbitrary Code Guard vs. Kernel Code Injections: Throwback to May 2018, when we analyzed the common means of attack used by the WannaCry and Slingshot malware. The Windows 10 Creators Update had just been released and introduced new techniques for mitigating remote code execution. This blog focuses on one mitigation technique in particular: the Arbitrary Code Guard, an update on the dynamic Code Restrictions mitigation. Alonso Candado, Security Software Engineer at CounterCraft, demonstrates how the Arbitrary Code Guard works, and tests its effectiveness against kernel code injections that are commonly used by malware.

11 Dec

30 minutes with David Barroso, CEO of CounterCraft


It’s been a year full of significant milestones for David Barroso, CEO and Co-founder of cybersecurity startup CounterCraft. We spent just half an hour with the man in very high demand before he headed off to his next industry conference and penultimate event of the year in Brussels. So, David, to get us started, how would you sum up deception technology in 280 characters? OK! I’m glad Twitter extended their character limit…here goes.