Takeaways from Art into Science

What do you get when you take a security conference and pare back its typical formula of swag-laden vendor tables, high-concept lighting that promises to be “an experience”, bougie parties …

Unsupervised Anomaly Detection Using BigQueryML and Capsule8

In a sea of data that contains a tiny speck of evidence of maliciousness somewhere, where do we start? What is the optimal way to swim through the inconsequential …

What is the Linux Auditing System (aka AuditD)?

The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. In this post, we will cover what …

Applying the Linux MITRE ATT&CK Framework with Capsule8

The MITRE ATT&CK™ framework is becoming increasingly adopted as a way to validate detection coverage. If you aren’t yet familiar with it, ATT&CK is an open-source knowledge base of tactics …

Our 2020 Security Predictions Clickbait Will Leave You SHOOK!

Prediction lists in the security industry are mostly self-indulgent fan fiction, so we decided to create an anti-meme in response. Rather than spin tall tales about drones using lasers to …

OOMyPod: Nothin’ To CRI-O-bout

Gather around the fire for a story about the unlikely partnership of bugs that led to a partial container escape. While this is a fairly technical post covering some container …

Don’t Get Kicked Out! A Tale of Rootkits and Other Backdoors

Introduction: When it comes to rootkits and other backdoors, everything is on the table. There exists a vulnerability that can be exploited in a system binary to gain root access? …

The Curious Case of a Kibana Compromise

The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one …

An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us

Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider …