Category Archives: threat hunting

Machine learning operations can revolutionize cybersecurity

Posted on by

Machine learning operations (MLOps) refers to the practices and tools employed to streamline the deployment, management and monitoring of machine learning models in production environments. While MLOps is commonly associated with data science and machine learning workflows, its integration with cybersecurity brings new capabilities to detect and respond to threats in real-time. It involves streamlining […]

The post Machine learning operations can revolutionize cybersecurity appeared first on Security Intelligence.

Continue reading Machine learning operations can revolutionize cybersecurity

Threat hunting 101: How to outthink attackers

Posted on by

Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don’t detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the environment or has compromised the environment. Threat hunters can have different goals and mindsets while […]

The post Threat hunting 101: How to outthink attackers appeared first on Security Intelligence.

Continue reading Threat hunting 101: How to outthink attackers

Vulnerability management, its impact and threat modeling methodologies

Posted on by

Vulnerability management is a security practice designed to avoid events that could potentially harm an organization. It is a regular ongoing process that identifies, assesses, and manages vulnerabilities across all the components of an IT ecosystem. Cybersecurity is one of the major priorities many organizations struggle to stay on top of. There is a huge […]

The post Vulnerability management, its impact and threat modeling methodologies appeared first on Security Intelligence.

Continue reading Vulnerability management, its impact and threat modeling methodologies

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

Posted on by

Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek […]

The post Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub appeared first on Security Intelligence.

Continue reading Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

The rise of malicious Chrome extensions targeting Latin America

Posted on by

In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of […]

The post The rise of malicious Chrome extensions targeting Latin America appeared first on Security Intelligence.

Continue reading The rise of malicious Chrome extensions targeting Latin America

SIEM and SOAR in 2023: Key trends and new changes

Posted on by

Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as many companies have begun reaching the limits of SIEM and SOAR systems over the last […]

The post SIEM and SOAR in 2023: Key trends and new changes appeared first on Security Intelligence.

Continue reading SIEM and SOAR in 2023: Key trends and new changes

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

Posted on by

In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living […]

The post Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution appeared first on Security Intelligence.

Continue reading Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

The Trickbot/Conti Crypters: Where Are They Now?

Posted on by

Despite Conti shutdown, operators remain active and collaborative in new factions In IBM Security X-Force, we have been following the crypters used by the Trickbot/Conti syndicate, who we refer to as ITG23, since 2021 and demonstrated the intelligence that can be revealed through tracking their use in a blog we published last May. One year […]

The post The Trickbot/Conti Crypters: Where Are They Now? appeared first on Security Intelligence.

Continue reading The Trickbot/Conti Crypters: Where Are They Now?

Threat hunting converting SIGMA to YARA

Posted on by

Malware threat hunting is the process of proactively searching for malicious activity. It is a critical part of any organization’s security posture, as it can help to identify and mitigate threats that may have otherwise gone undetected.

Continue reading Threat hunting converting SIGMA to YARA

Incident Response: Bring Out the Body File

Posted on by

An Incident Response (IR) examiner faced with a case or asked whether something ‘funny’ or ‘bad’ happened on a host will wonder if a comprehensive file listing is attainable for the system in question. Sometimes this comes in the form of a question, such as “How long has that malware been there,” or “Was the…

The post Incident Response: Bring Out the Body File appeared first on TrustedSec.

Continue reading Incident Response: Bring Out the Body File