Applying the Linux MITRE ATT&CK Framework with Capsule8

The MITRE ATT&CK™ framework is becoming increasingly adopted as a way to validate detection coverage. If you aren’t yet familiar with it, ATT&CK is an open-source knowledge base of tactics …

Our 2020 Security Predictions Clickbait Will Leave You SHOOK!

Prediction lists in the security industry are mostly self-indulgent fan fiction, so we decided to create an anti-meme in response. Rather than spin tall tales about drones using lasers to …

OOMyPod: Nothin’ To CRI-O-bout

Gather around the fire for a story about the unlikely partnership of bugs that led to a partial container escape. While this is a fairly technical post covering some container …

Don’t Get Kicked Out! A Tale of Rootkits and Other Backdoors

Introduction When it comes to rootkits and other backdoors, everything is on the table. There exists a vulnerability that can be exploited in a system binary to gain root access? …

The Curious Case of a Kibana Compromise

The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one …

An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us

Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider …

HELO, Is It Me You’re Exploiting For?

Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If …

Major Key Alert: Data Discovery for Red Teams with an ML Tool for Keylogging

With the glut of security vendors who promise to secure to the moon and back on the star-glazed spaceship of Machine Learning (ML) technology, where is the equivalent for red …

How Capsule8 Approaches Linux Monitoring

We at Capsule8 have put a lot of thought into our product by thinking about what would make us most mad as hackers if we encountered it while attacking an …