Lots of children break things not because they are little evil creatures but because they are curious about “how it’s made.” Eventually, some of those children grow up and become Cybersecurity Analysts. They do basically the same but in an adult world. Malware analysis is the process of studying a malware sample to understand what […]
Cyber Threat Hunting is a novel approach to Threat Detection which is aimed at finding cyber threats within an enterprise’s network before they do any harm. This includes deliberately looking for weak spots as well as any signs of ongoing attacks within a digital infrastructure. Threat Hunting is more complex than passive Threat Detection and […]
Cybersecurity experts from Microsoft Threat Intelligence Center (MSTIC) have disrupted the infrastructure of a nefarious APT responsible for long-lasting cyberespionage activities aimed at targets within NATO countries. The group, dubbed SEABORGIUM, launched multiple phishing, data theft, and hack-and-leak campaigns to spy on defense contractors, NGOs, IGOs, think tanks, and educational institutions, allegedly on-behalf of russian […]
A good threat hunting hypothesis is key to identifying weak spots in an organization’s digital infrastructure. Just learn to ask the right questions, and you will get the answers that you’re looking for. In this blog post, we review a proactive threat hunting methodology: Hypothesis-Driven Threat Hunting. Let’s dive right in! Detect & Hunt Explore […]
How to become a Threat Hunter? This question is extremely popular in the cybersecurity community. The next important question is how to advance your Threat Hunting career. In both cases, obtaining professional certifications is the best answer. Whether you’re a beginner or an accomplished specialist, continuous learning is what helps you become the best version […]
LockBit threat actors have been recently under the spotlight in the cyber domain. In July 2022, the hacking collective hit the headlines by introducing the first-ever bug bounty program launched by a ransomware gang. In the latest cyber-attacks, the notorious ransomware group applies Living-off-the-Land tools by abusing the legitimate Microsoft Defender’s command-line utility to deploy […]
A good threat hunt is unthinkable without useful pieces of software that help to navigate enormous pools of data. How can you tell the difference between good, bad, and benign? Analyzing all the intelligence, logs, history, and research data with one pair of eyes (even multiplied by many human Threat Hunters) would have taken years. […]
Cybersecurity researchers have revealed a wave of new activity of the notorious BlackCat ransomware group deploying custom malware binaries for more sophisticated intrusions. In the latest attacks, threat actors have been leveraging Cobalt Strike beacons and a new penetration testing tool dubbed Brute Ratel, installing the latter as a Windows service on the compromised machines. […]
Hot on the heels of the cyber-attack on July 5 targeting Ukrainian state bodies and attributed to the notorious UAC-0056 hacking collective, yet another malicious campaign launched by this group causes a stir in the cyber domain. On July 11, 2022, cybersecurity researchers at CERT-UA warned the global community of an ongoing phishing attack leveraging […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]