Cyber Research Unit

Threat Hunting and Threat Intelligence for TSPs and MSPs

All about the CRU

Security Content

All the latest in security news. The CRU identifies new vulnerabilities, researches them, and shares what they find with all to see.

Automation

The CRU has developed automated tools to perform basic analysis on security incidents to help automatically make decisions on escalation and remediation.

Research

With “research” in the name, it only makes sense that research is involved. They dig deep into automated and manual malware analysis, vulnerabilities, and more.

Intelligence

The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from the Perch platform to help create content and complete research.

Threat Hunting

With the CRU, cyber threat hunting involves building visualizations to highlight abnormal activity, searching through data for new indicators of compromise (IoCs), or testing various queries and reviewing the results.

CTFs

The CRU is a big fan of hosting CTFs, and for good reason. From their eyes, cybersecurity capture the flag events are a great way to dip your toes into cybersecurity or build upon expert skills.

Threat Report

View All >>

Threat Report

Two Vulns, a Five-Year compromise, and the Twitch Data Breach

Grafana is an open-source, multi-platform analytics platform that lets you create graphs, charts, and alerts on whatever data you give it access to. Earlier this week, Grafana released two new versions, 7.5.11 and 8.1.6, which address a critical vulnerability recently discovered in Grafana’s snapshot feature.

Cybersecurity

Threat Report

19 New VMware Vulnerabilities, One Critical

VMware is a major virtualization and cloud computing software vendor used by organizations of all sizes. This week they released information on 19 new vulnerabilities. One of these is a critical vulnerability that could allow an attack to run any code they want on the vulnerable server. VMware servers are critical infrastructure and if exploited an attacker could have full control over their targets entire network.

Cybersecurity

Threat Report

New Windows Office 0 Day Rce Vulnerability

Microsoft released a security advisory earlier today for a new Remote Code Execution Vulnerability in MSHTML (CVE-2021-40444) that affects all current Windows versions discovered by security researchers from Mandiant and EXPMON

Cybersecurity

Threat Report

A new ransomware gang on the block

A key component to protecting your systems is understanding the threat landscape. Part of that is keeping tabs on who the adversaries are and the tactics, techniques, and procedures they use.

Cybersecurity

Who we are

Drew Sanford

Sr. Director, Global SOC

With more than 25 years of security, engineering, sales, and operations experience, Drew brings the whole kit and kaboodle to the CRU. He leads the Global SOC team, bridging the gap between security operations and threat research.

Patrick Snyder

Director, Threat Team

He has over 20 years of experience in IT, with more than 10 of those in cybersecurity. He comes from Perch Security, where he managed operations and security. He spends his free time enjoying tacos, breaking things, and BSides.

Bryson Medlock

Manager, CRU

Bryson brings more than 10 years of cybersecurity experience on top of another 10+ years as a system admin. He’s skilled at reverse engineering, malware analysis (he downloads it for fun), Python, Linux system admin, web hosting, and CTFs.

Certifications: OSCP

Stu Gonzalez

Senior Threat Researcher, CRU

7 years of cybersecurity experience. Skilled in Python. Knows all about automation. Loves data science. Wouldn’t mind a few more bots.

Certifications: GCIA

Ross Farrington

Threat Researcher, CRU

Ross comes to the team with 6 years of cybersecurity experience, a B.S in computer science – information assurance, and a background in Python, incident investigation, red teaming, and Docker.

Certifications: GCIA, OSCP