SOC, TI and IR posts – WindowsTechs.com

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Posted on October 29, 2024 by Victor Sergeev, Amged Wageh, Ahmed Khlief

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents. Continue reading Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses→

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

Posted on October 14, 2024 by Vera Kholopova, Kaspersky Security Services

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on. Continue reading Whispers from the Dark Web Cave. Cyberthreats in the Middle East→

A deep dive into the most interesting incident response cases of last year

Posted on September 3, 2024 by Eduardo Ovalle, Ahmad Zaidi Said, AbdulRhman Alfaifi

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year→

Approach to mainframe penetration testing on z/OS

Posted on August 20, 2024 by Denis Stepanov, Alexander Korotin

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems. Continue reading Approach to mainframe penetration testing on z/OS→

Tusk: unraveling a complex infostealer campaign

Posted on August 15, 2024 by Elsayed Elrefaei, AbdulRhman Alfaifi

Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data. Continue reading Tusk: unraveling a complex infostealer campaign→

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Posted on July 9, 2024 by Roman Nazarov, Andrey Tamoykin, Kaspersky Security Services

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help. Continue reading Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK→

Trusted relationship attacks: trust, but verify

Posted on May 28, 2024 by Dmitry Kachan, Alina Sukhanova

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers. Continue reading Trusted relationship attacks: trust, but verify→

ShrinkLocker: Turning BitLocker into ransomware

Posted on May 23, 2024 by Cristian Souza, Eduardo Ovalle, Ashley Muñoz, Christopher Zachor

The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. Continue reading ShrinkLocker: Turning BitLocker into ransomware→

A journey into forgotten Null Session and MS-RPC interfaces

Posted on May 23, 2024 by Haidar Kabibo

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration. Continue reading A journey into forgotten Null Session and MS-RPC interfaces→

Incident response analyst report 2023

Posted on May 14, 2024 by Kaspersky GERT, Kaspersky Security Services

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. Continue reading Incident response analyst report 2023→