Anomaly detection in certificate-based TGT requests

I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM.

A new secret stash for “fileless” malware

We observed the technique of putting the shellcode into Windows event logs for the first time "in the wild" during a malicious campaign. It allows the "fileless" last-stage Trojan to be hidden from plain sight in the file system.

Threats to ICS and industrial enterprises in 2022

In recent years, we have observed various trends in the changing threat landscape for industrial enterprises. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

How Hidden Vulnerabilities will Lead to Mobile Device Compromises

Your mobile device can be hacked very easily without your knowledge. Even if an attacker can't get into your device, they can instead attempt to gain access to the sensitive information stored on it, such as your places visited, emails and cont…

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.

The Importance of Certificate Discovery – Keyfactor

Organizations have thousands, or even tens of thousands, of certificates. If you handle certificates in your company, this comes as no surprise. It's very complex and difficult to keep track of these certificates, much less maintain control over h…

Digital Signature vs. Digital Certificate | Keyfactor

Public key cryptography, also called asymmetric encryption, is based on computations that are almost impossible to break using today's fastest computers. But, there is still one problem when using encryption with private and public keys…