BlindSPOT Newsletter: June 2024
    > BlindSPOT Newsletter: June 2024


News & Updates

BlindSPOT Newsletter: June 2024

June 10, 2024

A Note from the CTO:

Building BlindSPOT is fun, full stop.

Both the development and tradecraft teams get the chance to solve difficult challenges and puzzles with the direct goal of making BlindSPOT a better tool for you to answer the question “What would happen if…”. 

Of course, because we are performing the same behavior that attackers do, the same defenses that get put in place to stop them, stop us.  We don’t just end up building simulations that mimic the same behavior that threat actors do, we end up acting like threat actors through the whole development lifecycle.   

A lot of the updates we do to agents, payloads, and other components are all geared to making sure that BlindSPOT provides an effective tool in your toolbox. 

  • Effective to build realistic simulations, encapsulating the tradecraft we bring (or the tradecraft you bring).
  • Effective at being easy to execute and fast to get results from.
  • Effective to rapidly deploy and scale testing across your environment.
  • Effective to generate useful metrics that help you understand how you will perform against real adversaries.

We’re excited to see how the new features help you improve your defenses, and what ideas they generate for you.  As always, we’d love to hear from you on what you think about BlindSPOT, and where we can help you answer the question “What would happen if…”.

OK, on to the show!

-Ben Finke, OnDefend Co-Founder/CTO

New PowerShell Module

We’ve added a new PowerShell module to the list of payload modules.  Previously the run module was the most common way to execute any PowerShell activity, but that meant every step that ran PowerShell started a brand-new PS process, executed the command, and then exited the process.  Our new PowerShell payload module starts a PS process and then lets you interact with it throughout the simulation.  So, if you set a variable in step 8, you can reference it again in step 17!  And if you bypass a security control (cough AMSI cough), you get to take advantage of that work for the rest of the simulation.

You’ll see the PowerShell module already listed in the Simulation Builder, and we’re adding lots of new simulations that take advantage of this new feature.

Learn More About BlindSPOT

New Alert Validation Dashboards

Alert Validation has been under development in all phases, but the new dashboard helps you zero in on any issues with your detection uptime, and understand how long it takes to resolve any issues, once found:

Learn More About Alert Validation

New Agent Builds Available (in Beta)

We’ve completely rebuilt the BlindSPOT agents from scratch, enhancing functionality and adding some additional tradecraft to make them easier to deploy and run.  Available now as the “Beta” option in your agent builder, give it a try!

Discover BlindSPOT

One Last Thing….

Thank you for taking the time to read our newsletter. We are committed as an organization to continue pushing boundaries within the world of innovation, BlindSPOT is the product of that.

If you want to stay in the loop about what’s happening at OnDefend & BlindSPOT, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.


Connect with Us to Stay in Touch

Website Design and Development by 63 Visual Design Studio in Jacksonville Beach, Florida.