Using Steganography to Hide Malware – Witchetty APT Case Study
Steganography has been used in the real world on the Windows and macOS operating systems. Attackers have been detected to […]
The Evolution of SideWinder APT and their Modus-Operandi
A suspected Indian threat actor group, Sidewinder, has been operating at least since 2012. They have been seen attacking businesses, […]
Opera1er APT Group Targeting Banks, Financial Institutes, and Mobile Operators across Africa, Asia and LATAM
Since 2016, OPERA1ER, also known as DESKTOP-GROUP, Common Raven, and NXSMS, has been reported to operate with the intention of […]
Royal Ransomware
Royal has been in existence since at least the beginning of 2022, making it a relatively new business. The goal […]
How to Detect Typosquatting using DNSTwist
Typosquatting is a social engineering attack in which a threat actor registers domains with purposefully misspelled versions of well-known companies’ […]
Ursnif/Gozi Malware Evolution and Associated IoC
Gozi is a powerful piece of malware with a wide range of intricate characteristics. It began as a basic banking […]
Detecting Cyber-Attacks on Kubernetes Environment
Kubernetes is a container orchestration system that acts as a management abstraction layer. It is an open-source system that aids […]
An overview of FIN11 and their motivations
A financially driven threat group FIN11 has run some of the most extensive and longest-running malware dissemination campaigns. Researchers have […]
Alert Advisory: Insight into APT29
Threat group APT29 is allegedly operated by Russia’s Foreign Intelligence Service (SVR). They have been active since 2008 and frequently […]
Alert Advisory: Insight into APT42
APT42 is a state-sponsored cyber espionage group in Iran. The gang, which has been active at least since 2015, is […]
Alert Advisory: New Microsoft Exchange Zero-Days
Late on September 29, 2022, Microsoft acknowledged both zero-day vulnerabilities and stated that they were aware of “limited, targeted attacks […]
Recent Uber Breach and Lessons Learnt
Uber acknowledged reports of a widespread cybersecurity compromise on September 15th. The security investigation found that the company’s system had […]
Usage of NPPSpy
Extracting Windows credentials from Domain based hosts is one of the common attack techniques hackers use to obtain user credentials […]
Malware Evasion Techniques and Recommendations for Threat Protection
Malware evasion methods are frequently employed to evade detection, analysis, and comprehension. Due to the fact that sandboxes are now […]
DGA Detection Using Machine Learning
Domain Generation algorithm (DGA) is an automation technique used by cyber attackers for a variety of attacks like Data exfiltration, […]
Augmenting Traditional UEBA with ML and Deep Learning
User and entity behavior analytics (UEBA) is a threat detection technology that is based on analytics. UEBA employs machine learning […]
Tools Used for Dumping of RDPCreds via comsvcs.dll
Remote Desktop Protocol (RDP) is commonly used by administrators to manage Windows environments remotely. It is also typical for RDP […]
Sniffing Attacks – Packet Capture Techniques Used by Attackers
Sniffing attacks are data thefts caused by capturing network traffic with packet sniffers, which can illegally access and read unencrypted […]
LSASS Dumping Techniques
Local Security Authority Subsystem Service (LSASS) is the process on Microsoft Windows that handles all user authentication, password changes, creation […]
Common Reconnaissance Tools Used by Threat Actors
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Background […]
DNS Tunneling and Countermeasures in an Enterprise
DNS tunneling is one of the significant threats that an organization faces when it comes to attacker tactics and techniques […]
Alert Advisory: Analysis of BlackCat Ransomware
BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide […]
SSO SAML Tokens Attack
SAML (In)Security Security Assertion Markup Language (SAML) is a method for exchanging authentication and authorization between trusted parties. It’s essentially […]