threat hunting – Page 6 – WindowsTechs.com

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

Posted on March 20, 2023 by John Dwyer

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]

The post When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule appeared first on Security Intelligence.

Continue reading When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule→

Red vs. Blue: Kerberos Ticket Times, Checksums, and You!

Posted on March 14, 2023 by Roza Maille

This blog post was co-authored with Charlie Clark of Semperis. 1 Introduction At SANS Pen Test HackFest 2022, Charlie Clark (@exploitph) and I presented our talk ‘I’ve Got a Golden Twinkle in My Eye‘ whereby we built and demonstrated two tools that assist with more accurate detection of forged tickets being used. Although we demonstrated…

The post Red vs. Blue: Kerberos Ticket Times, Checksums, and You! appeared first on TrustedSec.

Continue reading Red vs. Blue: Kerberos Ticket Times, Checksums, and You!→

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Posted on February 24, 2023 by Ronda Swaney

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this piece of […]

The post With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job appeared first on Security Intelligence.

Continue reading With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job→

Detecting the Undetected: The Risk to Your Info

Posted on February 16, 2023 by Ignacio Salim

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories […]

The post Detecting the Undetected: The Risk to Your Info appeared first on Security Intelligence.

Continue reading Detecting the Undetected: The Risk to Your Info→

IoC detection experiments with ChatGPT

Posted on February 15, 2023 by Victor Sergeev

We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. Continue reading IoC detection experiments with ChatGPT→

Good, Perfect, Best: how the analyst can enhance penetration testing results

Posted on February 10, 2023 by Olga Zinenko, Kaspersky Security Services

What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? Continue reading Good, Perfect, Best: how the analyst can enhance penetration testing results→

ESXiArgs: What you need to know and how to protect your data

Posted on February 7, 2023 by Roza Maille

Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the…

The post ESXiArgs: What you need to know and how to protect your data appeared first on TrustedSec.

Continue reading ESXiArgs: What you need to know and how to protect your data→

How to Spot a Nefarious Cryptocurrency Platform

Posted on February 7, 2023 by Jonathan Reed

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms […]

The post How to Spot a Nefarious Cryptocurrency Platform appeared first on Security Intelligence.

Continue reading How to Spot a Nefarious Cryptocurrency Platform→

How Do Threat Hunters Keep Organizations Safe?

Posted on February 2, 2023 by Jennifer Gregory

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able […]

The post How Do Threat Hunters Keep Organizations Safe? appeared first on Security Intelligence.

Continue reading How Do Threat Hunters Keep Organizations Safe?→

How Threat Actors Use OneNote to Deploy ASyncRAT

Posted on February 1, 2023 by Roza Maille

See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…

The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.

Continue reading How Threat Actors Use OneNote to Deploy ASyncRAT→