- xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
- Microsoft Defender Attack Surface Reduction recommendations
- How to set up a Microsoft Defender for Identity Sensor on a Domain Controller
- Use Elastic to represent MISP threat data
- Developing Sigma rules with Sysmon and ELK
- Cybersecurity Ethics: Establishing a Code for Your SOC
- SCYTHE Presents: #ThreatThursday – Egregor Ransomware
- SCYTHE Presents: #ThreatThursday – Egregor Ransomware with Sean Gallagher
- Last Dash for Joker’s Stash: Carding forum may close in 30 days
- A Rare Look Inside a Cryptojacking Campaign and its Profit
- Joker’s Stash Shutting Down – for Good This Time
- Abusing cloud services to fly under the radar
- What Is DGA? How Is It Detected & Blocked?
- Plotting booby traps like in Home Alone: Our approach to detection writing
- How to Check if an Android Phone has Stalkerware Installed
- Cloud Threat Hunting: Attack & Investigation Series – Lateral Movement – Under the Radar
- Decrypting TLS Streams With Wireshark: Part 3
- Detecting Threats with Graylog Pipelines – Part 3
- Going Rogue – a Mastermind behind Android Malware Returns with a New RAT
- 11th January – Threat Intelligence Report
- Resources on tracking adversary infrastructure
- Oliver Rochford at Brim Security’s Knowledge Funnel
- Analyzing Qakbot using Brim’s No-code threat hunting
- (Wednesday) – Emotet epoch 2 infection with Trickbot gtag mor13
- thru – Six items of malspam received by my admin email
- – Emotet infection from Epoch 1 botnet
- (Thursday) – Pcap and malware for an ISC diary (Rig EK)
- (Tuesday) – Pcap and malware for an ISC diary (Hancitor)
- Brad Duncan at Malware Traffic Analysis
- RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry
- A Global Perspective of the SideWinder APT
- SolarWinds Attack: Italy activates the Cyber Security Nucleus
- SolarWinds: Insights into Attacker Command and Control Process
- Sunburst backdoor – code overlaps with Kazuar
- SolarWinds Orion Breach – What It Means for the Industry Writ Large
- Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations
- Robust Indicators of Compromise for SUNBURST
- Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender
- Nation-states are taking their supply-chain attack strategy from the cybercriminal underground
- FireEye & SolarWinds Follow-Up with Senior SOC Analyst Tony Robinson
- Nothing New Under the Sun: Wait Until it Bursts or Re-think the Approach?
- The Devil’s in the Details: SUNBURST Attribution
- Protecting Against Supply Chain Attacks by Profiling Suppliers
- SUNSPOT: An Implant in the Build Process
- Start triage with already set YARA rules for SUNBURST