CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]
Ragnar Locker Ransomware
Ragnar Locker Ransomware is a type of malware that encrypts a victim’s files and then demands a ransom to decrypt […]
How SBOM Plays a Key Role in CSOC
In general, 75% of codebases use open-source software, according to the 2021 Open Source Security and Risk Study report. Costs […]
Alert Advisory: Insight into APT29
Threat group APT29 is allegedly operated by Russia’s Foreign Intelligence Service (SVR). It has been active since 2008 and frequently […]
Recent Uber Breach and Lessons Learnt
Uber acknowledged reports of a widespread cybersecurity compromise on September 15th. The security investigation found that the company’s system had […]
Malware Evasion Techniques and Recommendations for Threat Protection
Malware evasion methods are frequently employed to avoid detection, analysis, and comprehension. Because sandboxes are now […]
Augmenting Traditional UEBA with ML and Deep Learning
User and entity behavior analytics (UEBA) is an analytics-driven threat detection technology. UEBA employs machine learning […]
LSASS Dumping Techniques
Local Security Authority Subsystem Service (LSASS) is the process on Microsoft Windows that handles all user authentication, password changes, creation […]
Common Reconnaissance Tools Used by Threat Actors
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting. Background […]
DNS Tunneling and Countermeasures in an Enterprise
DNS tunneling is one of the most significant threats an organization faces among attacker tactics and techniques […]
Alert Advisory: Analysis of BlackCat Ransomware
BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide […]
Ransomware Detection Using Machine Learning
Gone are the days of the manual security analysis that cybersecurity teams used to perform to track down and stop […]
CSOC Analysts Cybersecurity Toolkit Arsenal
It is safe to say that organizations worldwide differ in their infrastructure setups, technology, software, and network architecture types. No […]
XDR Software – The Journey Beyond
We are still in the early days of the XDR (eXtended Detection and Response) era; understanding XDR technology in the […]
How Threat Actors Steal Your Data with Reverse Tunnelling
Reverse tunnelling is a technique used to ‘sneak into’ a secured network by hiding applications within traffic that originates from […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3
Reading security logs requires a higher level of permission than other logs. Below are the steps to configure the right […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2
From a security perspective, it is generally better to allow communication from user segments outward rather than from […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1
Staying on top of cyber threats in your environment can be challenging even with a lot of protective measures in […]
Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing
From our experience in deploying various SIEM platforms, we would rank Azure Sentinel number one when it comes to the […]
Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM
You might have heard of North Sentinel Island in the middle of the Bay of Bengal, which hosts the most […]
SOAR Features and Use Cases
Organizations are getting bigger and bigger, and because of that a lot of events, activities, and data are being generated […]
Dark Web and Threat Intelligence (DARKINT)
Security researchers and cybersecurity professionals have an immense interest in discovering threat intelligence on the deep web and darknet. This […]
Ransomware Incident Response Plan – Part 2
Ransomware was and still is one of the most dangerous attacks, capable of causing catastrophic consequences for the endpoint system […]
Ransomware Incident Response Plan – Part 1
Ransomware was and still is one of the most dangerous attacks, capable of causing catastrophic consequences for the endpoint system […]