UnderDefense Blog
How to detect CobaltStrike Command & Control communication
How to detect CobaltStrike Command & Control communicationBy Bogdan VennykCobaltStrike became part of the Cybercrime’s “toolset” almost in every Company breach. This growth is explained by the fact that CobaltStrike was leaked multiple times and became more...
Detecting DGA domains: Machine Learning approach
Detecting DGA domains: Machine Learning approachBy Alexander RagulinIn this post we are going to take a look at Domain Generation Algorithms (DGA) and an interesting way to detect them with the help of Deep Learning (LSTM neural net, to be precise). DGA domains are...
Supply Chain Cyber-Attack Risk Mitigation for Software Tech firms and Insurance domain
Supply Chain Cyber-Attack Risk Mitigation for Software Tech firms and Insurance domainSupply Chain Cyber Resiliency is emerging as one of the top risk management challenges needing addressed by the InfoSec industry in 2021By Nazar TymoshykCEO at UnderDefenseCurrent...
UnderDefense becomes a member of MPN (Microsoft Partner Network)
UnderDefense enters strategic partnership with Microsoft Azure Companies in various industries increasingly choose cloud as a primary location to store data or plan to migrate to the cloud. Such infrastructure is much more flexible for data modernization and analysis....
Ethical Hacking. How to not end up with a false sense of cybersecurity?
Ethical Hacking. How to not end up with a false sense of cybersecurity? By Nazar TymoshykCEO at UnderDefenseDo I have a false sense of cybersecurity? We all know the cliché “ignorance is bliss”, but along with that there is another proverb, (and a song by the Byrds),...
UnderDefense and Accedian Partner to Deliver Cyber Resiliency Suite
UnderDefense and Accedian Partner to Deliver Cyber Resiliency SuitePress Release: January 19, 2021 UnderDefense and Accedian announced the launch of a partnership product to provide businesses with a suite of cyber security services. The main aim of our team is to...
Risk-based cyber resiliency
Risk-based cyber resiliencyCustomer view: Guest blog by Michael Rezek, VP, Cybersecurity Strategy at AccedianIt’s may be possible to spend less on cybersecurity and get more protectionWhat we have witnessed over the last couple of decades as the traditional approach...
How to protect from COVID-19 Cyber Attacks
How to protect from COVID-19 Cyber Attacks: Practical Use-Case By Mykhailo PazyniukIt is not new that COVID-19 pandemic influenced the lives of humanity in the XXI century. However, it has influenced not only health and economy. Cyber criminals have been quick to...
Detecting reconnaissance activity in your network
Detecting reconnaissance activity in your networkBy Bogdan VennykOne of the main services we provide at UnderDefense is 24x7 Monitoring with our Security Operation Center (SOC) and a critical part of great SOC is ..., RIGHT! - its detection capabilities. That is why...
Black Friday. How To Avoid Major Cybersecurity Risks
Black Friday. How To Avoid Major Cybersecurity RisksBy Iryna YamborskaBlack Friday is coming! Pleasant time of hot sales. Pleasant not only to those people who prepare Christmas gifts but also to hackers who want to make money on the desire of users to buy cheaper...
Incident Response Life Cycle| UnderDefense
Incident Response Lifecycle|UnderDefenseWhat is the Incident Response Lifecycle?With COVID-19 forcing businesses around the globe to shift to remote work, the cybersecurity landscape has changed significantly. Consequently, the complexity of protecting corporate...
Data Breach Prevention: How to Improve Cybersecurity
Data Breach Prevention:How to Improve Cybersecurity in Your CompanyBy Serge MihalapNo system is immune to cyber-attacks and unauthorized access. But do you know how common it is for companies to remain oblivious to a data breach? Moreover, employees responsible for...
ISO27001 auditor certificate
UnderDefense enhance its presence and capabilities in compliance - more ISO27001 auditor certificates Compliance is getting harder year to yearOrganizations of all industries and sizes are facing more compliance regulations every year. Regulators no longer just accept...
Battling offline viruses: UnderDefense team donates oxygen concentrators to Ukrainian hospitals
Battling offline viruses: UnderDefense team donates oxygen concentrators to Ukrainian hospitalsLviv, Ukraine - UnderDefense, a leading outsourcing cybersecurity services provider, joins the cohort of socially responsible Ukrainian businesses that have already made...
N-day exploit development and upgrade to RCE
Write-up:N-day exploit development and upgrade to RCE[CVE-2018-6231] Trend Micro Smart Protection Server Bypass Vulnerability + Code Execution By Taras Zelyk, Serhiy Sych, Bogdan Vennyk “At UnderDefense we are not only hunting for vulnerabilities and analyzing their...
Strategic partnership between UnderDefense and SOC Prime
Strategic partnership between UnderDefense and SOC Prime UnderDefense and SOC Prime Partner to Deliver the world’s largest marketplace for Threat Detection Rules and Queries New York, New York – February 24, 2020 – UnderDefense, a leader in supporting organizations...
UnderDefense and Accedian Partner to Deliver Next-Generation Intrusion Detection as a Service
UnderDefense and Accedian Partner to Deliver Next-Generation Intrusion Detection as a Service New York, New York – January 28, 2020 – UnderDefense today announced a strategic partnership with Accedian, the leader in performance analytics, cybersecurity threat...
Strategic partnership between UnderDefense and Kyte Global
Strategic partnership between UnderDefense and Kyte Global UnderDefense and Kyte Global Partner to deliver the Next-Generation Detection and Incident Response Services.New York, New York - 09th January 2020 - UnderDefense today announced a strategic partnership with...
2019 in numbers
2019 in numbers2019 was a very productive and eventful year for UnderDefense team.We’ve changed a lot and accomplished many awesome things.Our team is happy that you have been witnessing us grow and mature.That is why we would like to share some of our most notable...
UnderDefense Recognized as Clutch Global Leader in IT & Business Services!
UnderDefense Recognized as Clutch Global Leader in IT & Business Services! Cybersecurity isn’t just a techie word to delegate to your IT teams anymore; nowadays companies are actively seeking protection from hacking attacks and cyber threats. Our work is the...
A new #OSCE certificate on our Wall of Fame!
A new #OSCE certificate on our Wall of Fame!UnderDefense team has added another certificate in our Red Team portfolio! Offensive Security Certified Expert (OSCE) certification shows a strong understanding of security principles and practice. This ethical hacking...
Strategic partnership with Nexia Group
Strategic partnership with Nexia GroupWe are happy to announce that UnderDefense has become a member of Nexia Group. At the BreakWest meeting, we have been officially recognized as a partner of a leading global network of independent accounting and consulting firms....
Eugene Roman to a C-level at the cross-roads: choosing security vs. usability
Eugene Roman to a C-level at the cross-roads: choosing security vs. usability Eugene Roman short bio: Eugene won the 2015 Canadian CIO of the Year award (Private Sector) for having created a strategic plan to transform the Canadian Tire Corporation into an innovator...
Threat & Fraud detection with Splunk
Threat & Fraud Detection: How Splunk can catch and stop it Client: #1 National Telecommunications and Internet Technologies provider Technical Challenge: We had to monitor 600,000,000 historical unstructured old data and 2,000,000 events per day Business...
How to comply with SHIELD act?
How to comply with SHIELD Act?Are you storing data and private information of New York residents? The state has enforced breach notification law Stop Hacks and Improve Electronic Data Security (SHIELD) Act updating the scope and requirements for consumers’ sensitive...
News from UnderDefense in NYC
News from UnderDefense in NYCWe’ve moved! UnderDefense is excited to announce that you can find us at 111 John Street, Suite 420 in NYC. Also, there are a few brilliant events in August-October that we are going to take part and encourage you to do the same.28 August...
UD experts are not only in the cyber world
UD experts are not only in the cyber worldOur UnderDefense team had some truly great time this weekend! We regularly spend time together to build great communication between our teams and nurture company values.This time our little going-out-of-city became an...
UnderDefense in Canada
UnderDefense in Canada UnderDefense had great opportunities to attend many insightful events and meet interesting people in Canada. UD representatives were happy to visit two separate events but equally important. They got in touch with world leaders at an...
Keeping cyber crime in secret |Stories by ISACA Board Member “Radar” Riley
Keeping cybercrime in secret |Stories by ISACA Board Member "Radar" Riley Keeping cyber crime in secret? "Radar" Riley has many coaching stories and a good sense of humor under the hood. The interview focuses on the cyber threats current situation of educational and...
Why petroleum companies get shut down| Oil & Gas security with Chris Fair| UnderDefense Vlog
Why petroleum companies get shut down|Oil & Gas security New edition of UnderDefense Vlog with the main topic Oil and Gas security! In this video you’ll find tips for Petroleum companies on how to prevent cyber risks, discover threats that can make business blow,...
New Feature in AWS: Traffic Mirroring
New Feature in AWS: Traffic MirroringNow security analysts are able to collect data fast and flexibly with a new feature. Traffic Mirroring in AWS has given an ability to transfer the traffic to a SIEM (like Splunk) and analyse it. This is targeted for cases when you...
Security guru from Facebook, Juniper & Google: Nick Bilogorskiy
Security guru from Facebook, Juniper & Google: Nick Bilogorskiy Nick Bilogorskiy who has recently headed Trust and Security department at Google, exclusively for #UnderDefenseVlog has given an interview about his career path in cybersecurity. His CV includes such...
CISO Answers – with Michael Schindler
CISO Answers - Interview with Michael Schindler #CISOAnswers is a series of interviews with thought leaders in IT/IS seasoned with valuable insights on a variety of important topics. Watch our interview with - Michael Schindler - a leader with strong roots in the...
Web Application Penetration Testing
Web Application Penetration Testing Client: International Marketing Service Firm Challenge: Client data security and Compliance requirements from a very prominent customer were a initial stimul to conduct Application Security testing and build a solid Security...
CISO Answers – Interview with Matthew Sciberras
CISO Answers – Interview with Matthew Sciberras “CISO Answers” is a series of interviews with thought leaders in IT/IS seasoned with valuable insights on a variety of important topics. The first of our exclusive CISO Interviewees is Matthew Sciberras - Director of...
UD team at NoNameCon 2019: outcomes and materials
UD team at NoNameCon 2019: outcomes and materials NoNameCon was epic this year! We loved to see the growth of our community and contribute with speeches sharing our expertise! There were 3 speakers from UnderDefense, 2 Villages and 12 UD teamers who attended the...
Top cloud threats in 2019: secure your infrastructure
Top cloud threats in 2019: secure your infrastructureA lot of companies prefer to use cloud environment in order to store clients' data there. It is a convenient way and offers many flexibility. But how to make these remote storages well protected from cloud threats?...
Forwarding MySQL log file in AWS to Splunk: monitoring connections
Forwarding MySQL log file in AWS to Splunk: monitoring connectionsIntro Working for our client with a database hosted on Amazon, we have faced the case of forwarding MySQL log files in AWS to Splunk in order to monitor connections to the DB. According to safety...
IoT attack simulation and ways to protect
IoT attack simulation and ways to protect Internet of Things rapidly changes lives of millions of people. The ramp up of technology also comes with security risks that are usually underestimated. In today’s world of “always on” technology and not enough security...
Anomali and UnderDefense partnership
Anomali and UnderDefense partnership Anomali is one of the most comprehensive Threat Intelligence Platforms. It boosts the reaction of analysts in Security Operations Center to unknown threats and investigate incidents faster. We are proud to have such a strong...
Mac based antimalware training
Mac antimalware trainingApple customers believe that no adversaries can hack their personal data or access important files. We bust this myth about perfectly secure MacOS devices! During our Security Awareness training, we demonstrate how anyone can break this system....
ISO 27001 assessment
ISO 27001 assessmentISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber...
Roadmap of UD services
UnderDefense cybersecurity services roadmap The statistics show that cybersecurity issues are becoming a day-to-day struggle for businesses. That's why thinking about your security posture is a number one task for all go-ahead companies. Your sensitive data and money...
2018 in numbers
2018 in numbers 7 times revenue growth Top 5 of 704 Cybersecurity Consulting Companies by Clutch 4 products launched for our clients 24 new logos 1.5 times growth of engineering staff 3d place on SecOps EU competition 1 new Fraud Detection project completed 50 new...
NIST Cybersecurity Framework Assessment
NIST Cybersecurity Framework Assessment UnderDefense conducted an assessment for our global client from Information Technology and Services with 1000+ employees providing a report with insights into organizations’ current security profile – as defined in the NIST...
New Service launch: SecOps AWS Best Practices Training and Workshop
New Service launch: SecOps AWS Best Practices Training and WorkshopWe at UnderDefense believe that cybersecurity is a must-have for any successful business. As far as the threat landscape continues to evolve, many customers now demand it more than before. Almost all...
Effortless Splunk Universal Forwarders update with Ansible
Effortless Splunk Universal Forwarders update with Ansible Are you familiar with a pain of trying to install or update a large number of Splunk universal forwarders using only Splunk toolkit? It seems impossible. That is where the work of “configuration management”...
Hidden aspects of mimikatz and infrastructure protection by Sysmon+Splunk
Hidden aspects of mimikatz and infrastructure protection by Sysmon+Splunk In 2011 Benjamin Delpy released his side project that most recently became a key component of some ransomware worms that spread across Europe. Mimikatz became a ubiquitous tool in all manner of...
Fraud Detection Speech at EBA
Fraud Detection Speech at EBA UnderDefense team has attended a Breach&Fraud.IT meeting, which was organized by the European Business Association. Our CEO Nazar Tymoshyk and PM Mykhailo Hordych have presented there a speech about Data Breach Incident and its...
Spunk-based project on fraud detection investigation
Spunk-based project on fraud detection investigation Our team has detected fraudulent activity on the employee's side in our client’s company from the telecommunications sector. Splunk helped us to process all the data and capture suspicious actions. We have collected...
New Gen SIEM Tool development
New Gen SIEM Tool development What we have done: We have developed from our US MSSP client a reliable, fast and easy-to-use solution for Security Analysts and CISOs which helps to collect, per-process and forward logs for further analysis. Its main benefits: a remote...
Critical vulnerability in Linux and Mac
libssh vulnerability: Critical flaw in Linux and Mac SSH/SFTP services A critical vulnerability has been discovered in libssh - the implementation library for Secure Shell (SSH) that could allow anyone connect to computers remotely without knowing your password....
Top 3 research and rating platforms for cybersecurity
Top 3 research and rating platforms for cybersecurityThe first step our potential customers take is visiting of the websites with independent ratings, reviews, and feedbacks online to check the quality, excellence, and professionalism of a vendor or service provider...
The best penetration test for your business
The best penetration test for your business.If you have decided that penetration test (an authorized simulated attack on a computer system, performed to evaluate the security of the system) is what your business needs, next step will be to choose its type.We will...
Windows 10 Start menu
Windows 10 Start menu About AppLocker Creating AppLocker rules Summary Introduction Recently our security team discovered several issues with Windows 10 (Enterprise and Education versions) in Active Directory domain. We will try to describe how it all started, below....
UnderDefense’s engineer unlocked Splunk certifications
UnderDefense's engineer unlocked Splunk certifications Consultant I level We are pleased to be a Spunk partner and now our security analysts are awarded and holding Splunk certifications. Slunk Inc. is a company producing software for searching, monitoring, and...
IoT Malware analysis project
IoT Malware analysis project UnderDefense has completed a new IoT Security project. Our Malware analysis helped Israel startup to identify and Reverse Engineer new malware example that massively targets IoT devices.Get the Help You NeedCybersecurity is our core...
Crypto markets & Smart-Contract Security
Crypto markets & Smart-Contract Security UnderDefense has recently completed 2 complex security assessment projects for cryptocurrency marketplaces. Our elite team of ethical hackers provided Solidity based Smart-Contract code assessment as well as discovered...
Eset Remote Administrator App for Splunk
Eset Remote Administrator App for Splunk About data visualization and Splunk apps Shortly about app App Description Summary Links About data visualization and Splunk apps The best method to explain the significance of information is to display it in a visual context....
How to configure log collection from Cisco FirePower to Splunk
How to configure log collection from Cisco FirePower to Splunk Installing and configuration of a Splunk Add-on Prerequirements Firepower Management Center configuration Installing and configuration Splunk eStreamer eNcore App Summary Troubleshooting Example 1 Example...
Windows Event Collector orchestration 2
Windows Event Collector orchestration Create a Group Policy Add WEC to the special user group Add read access to security logs for winRM services Restricted Group creation WinRM service configuration Summary Introduction As the continuation of the previous article, we...
Windows Event Collector orchestration
Windows Event Collector orchestration Different Methods of log collection Splunk Universal Forwarder VS WEC How it works (Solution overview) Installation description Subscription creation process Summary Introduction This blog is one of many in a series that will...
Splunk Add-on for Eset Remote Administrator
Splunk Add-on for Eset Remote Administrator Development How to use it Summary DevelopmentFirst of all we need to install Splunk Add-on builder. I prefer to install it from internal splunk shop in Splunk Enterprise. Go to Manage Apps and click Browse more apps ...
How to deploy MSI packages remotely in Windows infrastructure using remote shell
How to deploy MSI packages remotely in Windows infrastructure using remote shell How to use msiexec on remote hosts? Description of the situation in the environment How do we delegate credentials? Application installation Summary Very often we come across the...
Keeping cyber crime in secret | Stories by ISACA Board Member
