Year In Review: Our Top Posts From 2018
Happy New Year! Before we dive back in, we wanted to take a quick look back at a few of your favorites. Here are our five most popular posts from 2018:
#1 - Putting the MITRE ATT&CK Eval into Context
MITRE published the results of their first public EDR product evaluation. This evaluation is a great achievement from MITRE, and we look forward to working with MITRE on continually refining the process and participating in future tests. As we reflect on the test and what it means, we would like to add some perspective to put the results into context.
#2 - It’s The Endgame For Phishing
With version 3.0 of the Endgame Protection Platform, Endgame has delivered the best prevention against document-based phishing attacks - the execution of malicious documents attached to email or delivered through social channels.
#3 - Getting Started with EQL
Event Query Language (EQL) is a language for expressing relationships between events; it also normalizes your data regardless of data source and is not constrained by platform. Now that EQL has been open-sourced, you too can adopt the language and start writing your own adversarial detections, regardless of underlying technology.
#4 - Introducing Ember: An Open Source Classifier And Dataset
Ember (Endgame Malware BEnchmark for Research) is an open source collection of 1.1 million portable executable (PE) file SHA-256 hashes that were scanned by VirusTotal sometime in 2017. With this dataset, researchers can now quantify the effectiveness of new machine learning techniques against a well-defined and openly available benchmark.
#5 - Detecting Spectre And Meltdown Using Hardware Performance Counters
For several years, security researchers have been working on a new type of hardware attack that exploits cache side effects and speculative execution to perform privileged memory disclosure. These new vulnerability classes consist of two distinct flaws, named Spectre and Meltdown.