How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction
Cyber criminals tend to favor cryptocurrencies because they provide
a certain level of anonymity and can be easily monetized. This interest
has increased in recent years, stemming far beyond the desire to
simply use cryptocurrencie…

Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally

Introduction
FireEye has examined a range of TEMP.Periscope activity revealing
extensive interest in Cambodia’s politics, with active compromises of
multiple Cambodian entities related to the country’s electoral system.
This includes compro…

Malicious PowerShell Detection via Machine Learning

Introduction
Cyber security vendors and researchers have reported for years how
PowerShell is being used by cyber threat actors to install
backdoors, execute
malicious code, and otherwise achieve their objectives within
enterprises. Security …

RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

Introduction
Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG
Exploit Kit (EK) delivering a dropper that leverages the PROPagate
injection technique to inject code that downloads and executes a
Monero miner (similar has been a…

Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Introduction
One of the most significant recent developments in sophisticated
offensive operations is the use of “Living off the Land” (LotL)
techniques by attackers. These techniques leverage legitimate tools
present on the system, such …

A Totally Tubular Treatise on TRITON and TriStation

Introduction
In December 2017, FireEye’s Mandiant discussed an
incident response involving the TRITON
framework. The TRITON attack and many of the publicly discussed
ICS intrusions involved routine techniques where the threat actors
used only w…

Reverse Engineering the Analyst: Building Machine Learning Models for the SOC

Many cyber incidents can be traced back to an original alert that was
either missed or ignored by the Security Operations Center (SOC) or
Incident Response (IR) team. While most analysts and SOCs are vigilant
and responsive, the fact is they are …

Remote Authentication GeoFeasibility Tool – GeoLogonalyzer

Users have long needed to access important resources such as virtual
private networks (VPNs), web applications, and mail servers from
anywhere in the world at any time. While the ability to access
resources from anywhere is imperative for employe…

Shining a Light on OAuth Abuse with PwnAuth

Introduction
Spear phishing attacks are seen as one of the biggest cyber threats
to an organization. It only takes one employee to enter their
credentials or run some malware for an entire organization to become
compromised. As such, companies de…

A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan

As discussed in previous
blogs, exploit kit activity has been on the decline since the
latter half of 2016. However, we do still periodically observe
significant developments in this space, and we have been observing
interesting ongoing activit…