A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data …
A hacker has confessed to orchestrating his own death to evade over $100,000 in child support payments to his ex-wife. Jesse …
Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.
2023 was a year in which cybercrime evolved in …
Online investment scams are no longer an issue limited to specific nations; they have become a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal …
In this report, we will conduct a comprehensive analysis of Gafgyt, which is an ELF malware. Our aim is to examine the malware’s capabilities and determine its functions:
DDoS Attack…
In 2022, the DonutLeaks group emerged as a significant player, demonstrating a sophisticated approach to data extortion. Linked to cyber incidents targeting notable enterprises such as Greek natural gas company DESFA, UK …
Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their …
The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review …
Overview
The SonicWall CaptureLabs threat research team have been recently tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many …
Hihi 😁! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles.
Our mission is …
In previous posts we decoded some malicious scripts and obtained Cobalt Strike shellcode.
After obtaining the shellcode, we used Speakeasy emulation to determine the functionality of the shellcode. This is …
We use the Internet in our everyday lives to get work done, manage our lives, and even socialize. We take this …
For years, IT research organizations have reported that most large enterprises consider establishing or improving their cyber threat intelligence (CTI) capabilities a high or critical priority. Yet, many enterprises never …
Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents.…
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building …
Introduction
In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction …
Table of Contents
By: Alex Reid, Current Red Siege Intern
SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently?
In the April 2018 release of Windows 10 version 1803, …
The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software …
Given the intricate landscape of cybersecurity, the misuse of Windows Management Instrumentation (WMI) stands out as a pervasive threat. WMI facilitates centralized management of Windows devices by providing …
You can’t talk about hunting for persistence techniques without mentioning scheduled tasks. As in the case of persistence via Windows services, described in a previous blog post, techniques related to …
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that several threat hunting hypotheses can be leveraged. This is common in threat hunting in …
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common …
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat …
Experience Level required: Beginner
In this blog, we will learn how to analyze and deobfuscate Javascript malware.
Let’s view the sample code
The code has obfuscation with ° and g0 …
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers …
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance Objective: Identify potential reconnaissance activity on the network
Description: Reconnaissance …
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)…
Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared.
Why? File type …
JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring …
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this …
Ransomware, a phenomenon now very well known, serves one ultimate and obvious purpose:
Monetary gain for the cybercriminal(s). However, multiple scenarios are, in fact, possible. Consider any and all of …
In this blog post, we are talking about what we can do if we are presented with a Memory image for a suspected machine to investigate and how to leverage …
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the …
This is a web article about website security. It discusses the different types of malware that can infect websites and provides information on how to protect your website from these …
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues.
While remote scanners may not provide as comprehensive of a …
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks,…
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into …
In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark …
[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”
A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with …
Trigona ransomware is a sophisticated and evolving threat that leverages vulnerabilities, legitimate tools, and double extortion tactics to target organizations, particularly in the technology and healthcare sectors. Collaboration with …
Experience Level required: Intermediate
In this report, we will analyze the CryptNet Ransomware, starting with deobfuscating the sample and proceeding through the ransomware’s techniques:
Obfuscated strings encrypted strings AES &…
Sextortion scam is defined as the crime of blackmailing victims using their sensitive information to inflict great psychological distress and extort them. Victims not only suffer from immediate financial losses …
The fraudulent activities take place across online platforms.
Travel
Fake vacation packages which offer hidden fees or non-existent accommodations.
Utility
Impersonating utility companies …
For CISA, understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The …