BlindSPOT Newsletter: June 2024

June 10, 2024

A Note from the CTO:

Building BlindSPOT is fun, full stop.

Both the development and tradecraft teams get the chance to solve difficult challenges and puzzles with the direct goal of making BlindSPOT a better tool for you to answer the question “What would happen if…”. 

Of course, because we are performing the same behavior that attackers do, the same defenses that get put in place to stop them stop us. We don’t just end up building simulations that mimic the same behavior that threat actors do; we end up acting like threat actors through the whole development lifecycle.

A lot of the updates we do to agents, payloads, and other components are all geared to making sure that BlindSPOT provides an effective tool in your toolbox. 

  • Effective to build realistic simulations, encapsulating the tradecraft we bring (or the tradecraft you bring).
  • Effective at being easy to execute and fast to get results from.
  • Effective to rapidly deploy and scale testing across your environment.
  • Effective to generate useful metrics that help you understand how you will perform against real adversaries.

We’re excited to see how the new features help you improve your defenses, and what ideas they generate for you.  As always, we’d love to hear from you on what you think about BlindSPOT, and where we can help you answer the question “What would happen if…”.

OK, on to the show!

-Ben Finke, OnDefend Co-Founder/CTO


New PowerShell Module

We’ve added a new PowerShell module to the list of payload modules.  Previously the run module was the most common way to execute any PowerShell activity, but that meant every step that ran PowerShell started a brand-new PS process, executed the command, and then exited the process.  Our new PowerShell payload module starts a PS process and then lets you interact with it throughout the simulation.  So, if you set a variable in step 8, you can reference it again in step 17!  And if you bypass a security control (cough AMSI cough), you get to take advantage of that work for the rest of the simulation.

You’ll see the PowerShell module already listed in the Simulation Builder, and we’re adding lots of new simulations that take advantage of this new feature.



New Alert Validation Dashboards

Alert Validation has been under development in all phases, but the new dashboard helps you zero in on any issues with your detection uptime and understand how long it takes to resolve them once found.



New Agent Builds Available (in Beta)

We’ve completely rebuilt the BlindSPOT agents from scratch, enhancing functionality and adding some additional tradecraft to make them easier to deploy and run.  Available now as the “Beta” option in your agent builder, give it a try!



One Last Thing….

Thank you for taking the time to read our newsletter. We are committed as an organization to continue pushing boundaries within the world of innovation, and BlindSPOT is the product of that.

If you want to stay in the loop about what’s happening at OnDefend & BlindSPOT, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.
