Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Introduction
In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction is SMB (Server Message Block) staging, a maneuver that allows attackers to bypass antivirus software and gain unauthorized access to systems.…
Table of Contents
By: Alex Reid, Current Red Siege Intern
SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently?
In the April 2018 release of Windows 10 version 1803, Microsoft announced that the Windows OpenSSH client would ship and be enabled by default (with the server remaining an optional feature that must be manually enabled).…
The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unseen yet most dangerous corporate threats.…
Given the intricate landscape of cybersecurity, the misuse of Windows Management Instrumentation (WMI) stands out as a pervasive threat. WMI facilitates centralized management of Windows devices by providing a consistent and well-documented interface that can be utilized by various management applications developed by Microsoft and third-party vendors.…
You can’t talk about hunting for persistence techniques without mentioning scheduled tasks. As in the case of persistence via Windows services, described in a previous blog post, techniques related to scheduled tasks also allow for the use of a dual approach to persistence hunting:
Both the creation and execution of tasks can be hunted with simple yet different hypotheses, so let’s dive in and explore them.…
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that several threat hunting hypotheses can be leveraged. This is common in threat hunting in general and for persistence-related techniques in particular.
As a reminder, all our service-related hypotheses can be split into two main groups: Hunting for service creation (aka “establishment” or “installation”) and Hunting for service execution (sometimes after the service is created/established).…
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common in threat hunting tradecraft in general and for persistence-related techniques in particular.
When you are dealing with Windows services techniques, all your hypotheses can be split into two big groups: Hunting for service creation (aka “establishment” aka “installation”) and Hunting for service execution (some time after the service was created/established).…
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat hunting is a crucial skill. By mastering the art of cyber threat hunting, security professionals can build a robust defense and shield their organization from the ever-persistent menace of cyber threats.…
2. DarknetLive — Is on the Clearnet and Dark Web. This site is owned by the Incognito Darknet Market admin and provides news on vendor arrests and other illegal Dark web news.…
Experience Level required: Beginner
In this blog, we will learn how to analyze and deobfuscate Javascript malware.
Let’s view the sample code
The code has obfuscation with ° and g0 spread throughout, so let’s remove them.
We need to take care because g0 is being used here as a variable.…
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time.
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.…
Source : https://webtools.prinsh.com/…
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
ReconnaissanceObjective:Identify potential reconnaissance activity on the network
Description:Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)Threat huntingForensic / DFIRTroubleshootingScheduled tasks:Event ID 4697 , This event generates when new service was installed in the system.…Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared.
Why?File type detection is useful in a number of places, such as:
Anti-spam – detecting unwanted attachments, for example those with executable content.…JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response.…
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom.However this is not guaranteed and you should never pay!
GOOD NEWSPrevention is possible. Following simple cyber security advice can help you to avoid becoming a victim of ransomware.…
Ransomware, a phenomenon now very well known, serves one ultimate and obvious purpose:
Monetary gain for the cybercriminal(s).However, multiple scenarios are, in fact, possible. Consider any and all of the following:
Closing thoughts
As we’ve seen, ransomware can serve a plethora of purposes; whether it is deployed by a nation-state actor, the more common cybercriminal, or your neighbor disgruntled at your tree hanging over their wall, one thing is for sure: you are, and have been compromised!…
In this blog post, we are talking about what we can do if we are presented with a Memory image for a suspected machine to investigate and how to leverage our tools to get as much information as we can from it.
we will be dealing with two tools:
Volatility 3 MemProcFSExperience Level required: Beginner
Memory forensics is a must-have skill for any computer forensics investigator, you can find a lot of evidence that can’t be found on the disk like:
Establised Network connections.…