Tales from the Trenches: Assumptions & Out-of-Country Investigations

Challenging Your Assumptions

As an investigator, I’ve learned to always challenge assumptions while also being keenly aware of the natural perspective I may bring to cases, which may blind me in problem solving. The cultural influences that I grew up with in the United States and the natural optics through which I view the world could be vastly different from those of the country where I am conducting an investigation. In one case, I found myself in a country in Latin America investigating a complicated persistent business compromise being implemented through both electronic and human means. I had already been working on

ShadowDragon and DeliverFund Partner to Catch Human Traffickers

PRESS RELEASE Cheyenne, Wyoming – December 15, 2016 -- ShadowDragon, a company that develops specialized digital investigations technology, and DeliverFund, a nonprofit dedicated to disrupting sex trafficking markets, are actively partnering to track criminals and free victims. Human sex trafficking is a real and ugly crime in the U.S., with networks present in every state and exploiting an estimated 100,000 minors each year, per the National Center for Missing & Exploited Children. DeliverFund is reducing this number by combining uniquely qualified personnel with today’s best technologies – like those offered by ShadowDragon -- and then leveraging them in new

Artifacts, Speculation and Compromised Secrets at the Democratic National Committee and more...

Six different artifacts were discovered with our MalNet Maltego transforms (connected to @Proofpoint data), pointing to as many as six other compromises and/or artifacts related to DNC networks. The buzz around cyber compromise has been building since the AP released some interesting points on the Hillary Clinton email compromise. This was followed on May 16th, 2016 by Brian Krebs noting below-average internet security practices at the Clinton Foundation. We looked into some of the issues noted and discovered a few interesting data points relating to this compromise, described in the screenshot below. To make cyber matters worse,

The Cyber Crime Chronicles: The Cyber Criminal

In the third of several articles profiling the main adversaries that most of us in the threat intelligence and information security world deal with, we turn to the cyber-criminal. Perhaps the most nefarious, these attackers are driven almost exclusively by financial gain. They typically target personal and corporate systems, and range in skill from Nigerian 419 phishers to authors of advanced ransomware, software that encrypts or locks a victim’s computer and demands a ransom before access is restored. The attacks these criminals use range from blackmail (think the Ashley Madison hacks) to ransomware to phishing and

MalNet Maltego Transforms with ProofPoint Data

MalNet accesses the Proofpoint ET Intelligence™ comprehensive database, which contains current and historical malicious IP addresses and domains. In this blog post we share screenshots of Maltego 4 and a quick YouTube video. In this example, we cover 15 domains related to GozNym campaigns that operated in April 2016.

MalNet with GozNym

In the screenshots below we start from malware associated with the domains manualtatex.com and houndsofcullen.com and pivot to related malware, IP addresses, associated domains, and the IDS signatures that match the traffic the malware generates.

Starting with a Hash

Get DNS Lookups

Acquire Related
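The pivoting described in this post (hash to domains, domains to IPs, IPs and signatures back to other samples) and the artifact hunting in the DNC post above are the same technique: iterative expansion over an indicator graph. The example below, added here and not part of ShadowDragon’s MalNet code or Proofpoint’s API, shows that expansion in plain Python over a constructed, in-memory graph. The two domain names are the ones named in the post; every hash, IP address (RFC 5737 documentation ranges) and signature name is a placeholder invented for the example, and the edges between them make no claim about the real infrastructure.

```python
"""Transform-style pivoting over an indicator graph.

Each "transform" maps one entity (hash, domain, ip, signature) to the entities
linked to it, the way the MalNet/Maltego chain in the post does. The data is a
constructed stand-in for a threat-intelligence lookup, not Proofpoint ET
Intelligence output: hashes, IPs and signature names are placeholders.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Entity = Tuple[str, str]  # (type, value), e.g. ("domain", "manualtatex.com")

HASH_A = "a1" * 32  # placeholder SHA-256, constructed
HASH_B = "b2" * 32  # placeholder SHA-256, constructed
SIG = "PLACEHOLDER GozNym CnC checkin"  # placeholder IDS signature name

# Constructed relationships. Edges are stored undirected: a hash that
# resolved a domain is also "seen with" that domain when pivoting back.
_EDGES = [
    (("hash", HASH_A), ("domain", "manualtatex.com")),
    (("hash", HASH_A), ("domain", "houndsofcullen.com")),
    (("hash", HASH_B), ("domain", "houndsofcullen.com")),
    (("domain", "manualtatex.com"), ("ip", "192.0.2.10")),
    (("domain", "houndsofcullen.com"), ("ip", "192.0.2.10")),
    (("domain", "houndsofcullen.com"), ("ip", "198.51.100.7")),
    # A shared-hosting tenant that has nothing to do with the campaign;
    # it only appears if you pivot too far.
    (("ip", "198.51.100.7"), ("domain", "benign-shared-host.example")),
    (("hash", HASH_A), ("signature", SIG)),
    (("hash", HASH_B), ("signature", SIG)),
]

ADJ: Dict[Entity, Set[Entity]] = {}
for _a, _b in _EDGES:
    ADJ.setdefault(_a, set()).add(_b)
    ADJ.setdefault(_b, set()).add(_a)


def transform(entity: Entity, to_type: Optional[str] = None) -> Set[Entity]:
    """One pivot: everything linked to `entity`, optionally filtered by type."""
    return {e for e in ADJ.get(entity, set()) if to_type is None or e[0] == to_type}


def pivot(seed: Entity, max_depth: int = 2) -> Dict[Entity, int]:
    """Breadth-first expansion from `seed`, returning every reached entity with
    its hop count. Depth is capped on purpose: shared hosting IPs and generic
    signatures pull in unrelated tenants, and every extra hop multiplies the
    false positives an analyst then has to discard."""
    seen: Dict[Entity, int] = {seed: 0}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        if seen[cur] >= max_depth:
            continue
        for nxt in transform(cur):
            if nxt not in seen:
                seen[nxt] = seen[cur] + 1
                queue.append(nxt)
    return seen


def shared_infrastructure(domains: List[str]) -> Set[str]:
    """IPs that more than one of the given domains resolved to: the pivot used
    to tie separately discovered domains to one campaign."""
    counts: Dict[str, int] = {}
    for d in domains:
        for _, ip in transform(("domain", d), "ip"):
            counts[ip] = counts.get(ip, 0) + 1
    return {ip for ip, n in counts.items() if n > 1}


def related_hashes(signature: str) -> Set[str]:
    """Samples whose traffic trips the given IDS signature."""
    return {v for _, v in transform(("signature", signature), "hash")}


if __name__ == "__main__":
    for ent, hops in sorted(pivot(("hash", HASH_A)).items(), key=lambda x: (x[1], x[0])):
        print(f"{hops}  {ent[0]:<9} {ent[1]}")
    print("shared IPs:", shared_infrastructure(["manualtatex.com", "houndsofcullen.com"]))
    print("hashes on signature:", related_hashes(SIG))
```

With `max_depth=2` the expansion from HASH_A reaches both domains, both IPs, the signature and HASH_B, but not the unrelated shared-host domain; raising the depth to 3 pulls that tenant in, which is the practical reason to pivot one hop at a time and review each layer before expanding further.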