Detecting the Neutrino Exploit Kit

Bill Miskimen
Sr. Security Analyst

The Neutrino Exploit Kit has made several changes in technique and delivery over the past few years. These changes, combined with the demise of the hugely popular Angler Exploit Kit, have helped Neutrino become one of the most used exploit kits on the market today. The group behind Neutrino appears to be updating its exploitation techniques and payloads on almost a monthly basis, if not every few weeks. In this article, we'll look into how the Neutrino Exploit Kit works and some good ways to detect it. We'll review some high-level details around the kit itself and how front-line defenders can rapidly, easily, and accurately identify Neutrino activity in an enterprise environment – all without needing to understand complex underlying details like compressed Flash objects, where coffee comes from, and whether or not the Internet truly is housed in a black box at the top of Big Ben. After reading this, analysts should be able to look at an unlabeled packet capture of reasonable size, quickly identify whether any Neutrino activity is present and whether it was successful, and provide a walkthrough/timeline of events around the malicious activity in question.


The Top 5 Things to Look for in an MSSP: Don't settle for just 24/7 monitoring

Lainie Vande Woude
Director of Sales, MidAtlantic Region

Today’s businesses face a rapidly evolving security environment. This ever-shifting landscape requires businesses to reconsider how they protect themselves. For many businesses, partnering with a Managed Security Services Provider (MSSP) makes sense from the perspective of cost, capabilities, and resources. However, not all MSSPs are created equal.


Three Proven Techniques for Detecting Targeted Attacks

Carl Manion
Managing Principal

Thanks to extensive media coverage of the numerous cyber security breaches over the past several years, most organizations are generally aware of the risk they face due to advanced persistent threats (APTs) and highly skilled cyber criminals. They understand that well-coordinated APT campaigns do, in fact, exist and can result in significant adverse impacts on their business through theft of data or intellectual property; damage to their business reputation or image; and/or sabotage to their critical business systems and networks. As a result, many have invested in implementing multiple layers of defense, including expensive Intrusion Detection and Prevention Systems (IDS/IPS) and Security Information and Event Management (SIEM) solutions. But they're still getting breached, and their signature-based defensive stacks are bypassed time and time again.


Black Hat USA 2016

Black Hat 2016 is right around the corner and RFS is prepared to take Vegas by storm!

You'll want to make sure to stop by Booth #1132 and meet the cyber security experts from Raytheon Foreground Security. We have an exciting schedule of events planned to help you learn more about Proactive Threat Hunting – a unique service that provides reduced variance in threat hunting results, efficiencies in implementing a threat hunting capability, and improved overall maturity of the security operations process.


David Amsler reflects on becoming Raytheon Foreground Security

When you find yourself at the crossroads in building a company and you realize that it’s going to take more than organic growth to reach the market that you know is desperate for what you have to offer, you have to make some big decisions. I was lucky enough to be in the position of having a significant number of options. This position of strength allowed me the opportunity to find a company that would enable us to keep growing at the pace we needed to grow but would also allow me to foster the culture that I value so much. Being a member of the Raytheon family means that we have the breadth and reach of a Fortune 100’s resources, but the ability to continue to do all the things that we do best. In choosing to become part of the Raytheon family, I am confident that we have found a company that will allow us to stay true to our core values while investing in the growth that we could not achieve alone. Raytheon’s heavy investment in cyber security and commitment to innovation made them such an attractive choice for me as I made this decision. I am most excited about Raytheon’s plans to make significant investment in our capabilities and growth including development of two new cyber centers of excellence (COEs), expanding investments in our advanced threat intelligence platform (ATIP), and other advanced analytics capabilities.