Jose Manuel Martin

Jose is a Security Researcher and a part of the AT&T Alien Labs team. His interest in development led Jose to work as an Application Security Engineer and Scrum Master in the past. Nowadays he enjoys watching old-fashioned movies, researching threat models, and finding new mechanisms to detect malware. Also, he is an enthusiast of information theory and physics.

May 24, 2019 | Jose Manuel Martin

Monitoring Box Security with USM Anywhere

Introduction: We recently announced the release of the new AlienApp for Box in USM Anywhere, which uses the Box Events API to track and detect detailed activity on Box. This new addition to the AlienApps ecosystem provides an extra layer of security to cloud storage services that many enterprises are outsourcing to Box. Beyond monitoring and data collection,…

October 18, 2018 | Jose Manuel Martin

Detecting Empire with USM Anywhere

Empire is an open-source post-exploitation framework that acts as a capable backdoor on infected systems. It provides a management platform for infected machines. Empire can deploy PowerShell and Python agents to infect both Windows and Linux systems. Empire can: deploy fileless agents to perform command and control; exploit vulnerabilities to escalate privileges; install itself for persistence; steal user…

August 1, 2018 | Jose Manuel Martin

Off-the-shelf RATs Targeting Pakistan

Introduction: We’ve identified a number of spear phishing campaigns with Pakistani-themed documents, likely targeting the region. These spear phishing emails use a mix of different openly available malware and document exploits for delivery. These are served from the compromised domains www.serrurier-secours[.]be and careers.fwo.com[.]pk (a part of the Pakistani army). There are some…

June 20, 2018 | Jose Manuel Martin

GZipDe: An Encrypted Downloader Serving Metasploit

At the end of May a Middle Eastern news network published an article about the next Shanghai Cooperation Organization Summit. A week ago, AlienVault Labs detected a new malicious document targeting the area. It uses a piece of text taken from the report as a decoy: This is the first step of a multistage infection in which several servers and…
