Access Locked Files With TScopy

Wanted: TScopy Tool Testers. GitHub Repo: https://github.com/trustedsec/tscopy. Introducing TScopy: It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy…

The post Access Locked Files With TScopy appeared first on TrustedSec.


Threat Hunting – Outbound RDP Surprises

Opener: Through threat hunting, an organization can break away from a reactive approach to identifying incidents and evolve into a proactive operation that actively looks for incidents. The high-level threat hunting pipeline consists of taking a hypothesis built around threats specific to the organization, lab testing and validating the hypothesis, implementing security operation detection, testing…

The post Threat Hunting – Outbound RDP Surprises appeared first on TrustedSec.


Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server

Microsoft recently released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an attacker to send a specially crafted payload to the server and have it execute an embedded command. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020….

The post Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server appeared first on TrustedSec.


Incident Response Ransomware Series – Part 3

So far in this series, we have looked at what ransomware is, what it does after it has compromised a system, and what organizations can do to detect and prevent ransomware. However, that is only half the story. Organizations need to assume that they will be compromised with ransomware at some point and must plan…

The post Incident Response Ransomware Series – Part 3 appeared first on TrustedSec.


Incident Response Ransomware Series – Part 2

Opening: In part one of this blog post series, we provided an introduction to what ransomware is and how it works. We also provided examples of different types of ransomware and variations of ransomware tactics, and identified that ransomware delivery is traditionally accompanied by other malware to assist in lateral movement and deployment. If you haven’t…

The post Incident Response Ransomware Series – Part 2 appeared first on TrustedSec.


Incident Response Ransomware Series: Part 1

In this three-part blog post series, we will provide an introduction to what ransomware is, how it works, and how it spreads to systems within an organization. We will also provide examples of different types of ransomware and variations of ransomware tactics. In part two, we will go in-depth to understand the various attack vectors…

The post Incident Response Ransomware Series: Part 1 appeared first on TrustedSec.


Attacks on the Rise Through Office 365

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

The post Attacks on the Rise Through Office 365 appeared first on TrustedSec.
