By Josh Campbell at Cyborg Security

The healthcare industry is facing a pandemic on two fronts, COVID-19 on one, and ransomware on the other.

The healthcare industry is worth more than $8.45 trillion in the global economy. The services it provides are the difference between life and death for many. It should come as no surprise then that these organizations are a prime target. This is true especially for cyber criminals using ransomware to carry out their malicious ends.

These attacks, carried out by advanced adversaries, cripple healthcare institutions and facilities. They render networks unusable. The attacks prevent access to…


By Josh Campbell at Cyborg Security

“Threat content, and queries, and use cases… oh my!”
~Dorothy (If she visited a SOC instead of Oz)

Security operations centers (SOC) are marvellous and complex machines. They often remind me of antique clocks in their complexity. They are awash with advanced technology full of (digital) moving parts, (virtual) spinning cogs, and a dizzying number of people. These elements are all working in tandem to secure their parent organizations from attacks of all sizes. …


By Josh Campbell at Cyborg Security

One of the questions I get asked almost every week is some variation of “… but how do I threat hunt?” By this, what they often mean is, there are tons of articles on threat hunting strategies, but there aren’t as many resources aimed at analysts on how to threat hunt. Now, this isn’t to say that the community hasn’t produced howtos and other documents. They have, and these are great.

But these tomes are often aimed at a specific technique or hunt. There are, unfortunately, fewer resources on more general ideas that analysts…


By Josh Campbell at Cyborg Security

Let’s face it, sometimes we are guilty of impatience. It doesn’t matter the industry or problem, it seems like everyone is offering a quick fix to solve all our ills. But, it has been my experience that those “shortcuts” can, and often do, turn into “longcuts” — as the saying goes. Cyber security, and threat detection in particular, is no different. The industry often seems infatuated with revolutionary “big fixes.” In reality a series of evolutionary “small fixes” can often have a much longer lasting impact. …


By Josh Campbell at Cyborg Security

Cyber security seems to have a strong infatuation for cycles. It seems like every discipline in cyber has at least one.

  • Threat Intelligence? Check.
  • Security Analysis? Check.
  • Incident Handling? Check.
  • Digital Forensics and Incident Response? Double Check.

But this focus on cycles isn’t without purpose. Cycles, at a high level, show that the disciplines themselves are repeatable. Those cycles also drive, a high level, the processes and procedures for those disciplines. This helps to establish that the discipline is also rigorous.

Threat hunting should be no exception to this pattern. This is because a…


By Josh Campbell at Cyborg Security

We’ve talked a lot about threat hunting in the past few months. From how to do it, what you need, and even how you can follow up on hunts. Something we haven’t covered though is maturity, and how teams can measure that. For some, measuring “maturity” can seem tedious. After all, so long as hunt teams “find the bad,” some might wonder why maturity is even important for SOCs. The value of modeling maturity is that it allows organizations to set their “eye on the prize,” so to speak. It enables organizations to see…


By Josh Campbell at Cyborg Security

The cyber security industry likes acronyms. There, I said it. In fact, if you can go a day as a cyber security professional without using one of the industry acronyms, I would say you were on vacation. In the wildness. Outside of cellular coverage. With your phone off. The reality is though, that they save us time when we are discussing concepts or technologies. Who wants to say “security information and event management” instead of “SIEM”?


By Lee Archinal at Cyborg Security

You know what was one of my favourite hobbies pre-2020 (and I mean besides threat hunting, of course)? People watching. You grab a coffee, sit down, and watch as (mostly) rational creatures go about their day. But that hobby has a way of turning into a way of thinking and analyzing the world around you. For instance, I remember several years ago at a past job, I would sit at my desk as people came in and out of a secure room. What I noticed was that many people would allow others to tailgate…


By Josh Campbell at Cyborg Security

Automated Threat Hunting
Automated Threat Hunting

Let’s face it, the cyber security industry is full of strong opinions. This is true about best practices, the best methods, or even the best caffeine sources. Another topic that can be polarizing though is the role of automation. Some people swear that the growing volume of attacks means that automation is the only way to keep pace. Others swear that automation is the 21st century version of snake oil. This is an argument I have seen play out for years in SOCs and break rooms, globally. Lately though, I have started to hear…


By Josh Campbell from Cyborg Security

A colleague asked me about what are the best threat intelligence tools I use for data manipulation on a daily basis. He had stumbled upon a massive CSV file that was submitted to a popular sharing site. He had received a tip that there was some interesting data in it for a client he works with. The trouble he was having was that the file was several gigabytes in size. Every attempt to open the file in Microsoft Excel has proved unfruitful. I recommended that he could use a tool like ‘cat’ and ‘grep’…

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store