Leveraging DETT&CT Framework
Building detections is a difficult task, particularly with an ever-increasing number of data sources. It might be challenging for detection […]
DCSync Attacks Explained
Once an attacker gets access to a Windows endpoint, they can access credentials saved in clear text or as a […]
Monitoring USB Usages in OT Environments
Industrial control systems are critical infrastructure that requires strict security controls, particularly when they operate in operational technology (OT) environments. […]
Silentbob: A New Campaign by Team TNT Attacking Cloud Environments
In recent years, many organizations have added cloud computing to their infrastructure because of its multiple advantages in terms of […]
Alert Advisory: Citrix ADC Gateway RCE – CVE-2023-3519
In this blog post, we will explore the details of the Citrix ADC vulnerability, its potential consequences, and the importance of […]
2022 is Over But What Did We Learn From Our Work
Throughout the year, numerous new incidents and rising threats were unveiled to the horror of many. In 2022, the world […]
Ursnif/Gozi Malware Evolution and Associated IoC
Gozi is a mature malware family with a wide range of capabilities. It began as a basic banking […]
Detecting Cyber-Attacks on Kubernetes Environment
Kubernetes is a container orchestration system that acts as a management abstraction layer. It is an open-source system that aids […]
Alert Advisory: New Microsoft Exchange Zero-Days
Late on September 29, 2022, Microsoft acknowledged the two zero-day vulnerabilities and stated that it was aware of “limited, targeted attacks […]
Tools Used for Dumping of RDPCreds via comsvcs.dll
Remote Desktop Protocol (RDP) is commonly used by administrators to manage Windows environments remotely. It is also typical for RDP […]
Sniffing Attacks – Packet Capture Techniques Used by Attackers
Sniffing attacks steal data by capturing network traffic with a packet sniffer, which can read unencrypted […]
LSASS Dumping Techniques
Local Security Authority Subsystem Service (LSASS) is the process on Microsoft Windows that handles all user authentication, password changes, creation […]
Alert Advisory: Analysis of BlackCat Ransomware
BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide […]
Kerberoasting – Active Directory Attack
Active Directory is widely used by organizations to configure policies and manage permissions. Because of its widespread use, […]
XDR Software – The Journey Beyond
We are still in the early days of the XDR (eXtended Detection and Response) era, understanding XDR technology in the […]
How Threat Actors Steal Your Data with Reverse Tunnelling
Reverse tunnelling is a technique used to ‘sneak into’ a secured network by hiding application traffic inside a connection that originates from […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3
Reading security logs requires a higher level of permission than other logs. Below are the steps to configure the right […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2
From a security perspective, it is generally better to allow connections from user segments outward rather than from […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1
Staying on top of cyber threats in your environment could be challenging even with a lot of protective measures in […]
SOAR Features and Use Cases
Organizations keep growing, and as a result a large volume of events, activities and data is generated […]
Cyber Threat Intelligence and OSINT
We are living in a world where any number of cyber threats can bring an organization to its knees and […]
Cyber Threat Management with MITRE ATT&CK – Part 1
Let’s agree on this first: the job of a SOC analyst is TOUGH, as tough as finding a needle in a […]
What is SOC beyond a Monitoring Center?
A managed SOC / CSOC (Cyber Security Operations Center) is often regarded as the workplace where the nerdy information security […]