Alert Advisory: New Microsoft Exchange Zero-Days
Late on September 29, 2022, Microsoft acknowledged both zero-day vulnerabilities and stated that they were aware of “limited, targeted attacks […]
Recent Uber Breach and Lessons Learnt
Uber acknowledged reports of a widespread cybersecurity compromise on September 15th. The security investigation found that the company’s system had […]
Usage of NPPSpy
Extracting Windows credentials from domain-joined hosts is one of the common attack techniques hackers use to obtain user credentials […]
Malware Evasion Techniques and Recommendations for Threat Protection
Malware evasion methods are frequently employed to evade detection, analysis, and comprehension. Because sandboxes are now […]
DGA Detection Using Machine Learning
A Domain Generation Algorithm (DGA) is an automation technique used by cyber attackers for a variety of attacks such as data exfiltration, […]
Augmenting Traditional UEBA with ML and Deep Learning
User and entity behavior analytics (UEBA) is a threat detection technology that is based on analytics. UEBA employs machine learning […]
Tools Used for Dumping of RDPCreds via comsvcs.dll
Remote Desktop Protocol (RDP) is commonly used by administrators to manage Windows environments remotely. It is also typical for RDP […]
Sniffing Attacks – Packet Capture Techniques Used by Attackers
Sniffing attacks are data thefts caused by capturing network traffic with packet sniffers, which can illegally access and read unencrypted […]
LSASS Dumping Techniques
Local Security Authority Subsystem Service (LSASS) is the process on Microsoft Windows that handles all user authentication, password changes, creation […]
Common Reconnaissance Tools Used by Threat Actors
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Background […]
DNS Tunneling and Countermeasures in an Enterprise
DNS tunneling is one of the significant threats that an organization faces when it comes to attacker tactics and techniques […]
Alert Advisory: Analysis of BlackCat Ransomware
BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide […]
SSO SAML Tokens Attack
SAML (In)Security. Security Assertion Markup Language (SAML) is a method for exchanging authentication and authorization between trusted parties. It’s essentially […]
Kerberoasting – Active Directory Attack
Active Directory services are usually used by organizations for easily configuring policies and managing permissions. Due to its widespread usage, […]
ToddyCat APT
ToddyCat, a relatively new Chinese-speaking Advanced Persistent Threat, has been targeting and exploiting vulnerable Exchange Servers throughout Europe and […]
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics
Microsoft issued CVE-2022-30190 for a vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using […]
Wiper Malware – What is it and How to Detect?
In the world of different malware types and strains, the most disruptive malware type besides ransomware might be Wiper malware. […]
Ransomware Detection Using Machine Learning
Gone are the days of manual security analysis that cyber security teams used to perform to track down and stop […]
How to Detect Ransomware Early
The proliferation of ransomware attacks in the past decade has brought many challenges to companies and cyber security teams worldwide. […]
CSOC Analysts Cybersecurity Toolkit Arsenal
It is safe to say that organizations worldwide have different infrastructure setups, technology, software, and different network architecture types. No […]
XDR Software – The Journey Beyond
We are still in the early days of the XDR (eXtended Detection and Response) era, understanding XDR technology in the […]
Log4j Critical RCE
The Log4j vulnerability, commonly known as the Log4Shell zero-day vulnerability, was made public on December 9th, 2021. This vulnerability is […]
How Threat Actors Steal Your Data with Reverse Tunnelling
Reverse tunnelling is a technique used to ‘sneak into’ a secured network by hiding applications within traffic which originates from […]