
Colonial Pipeline, Darkside and Models

Adam Shostack

Blog posts from Sophos and Mandiant seem really useful! For "move laterally," Mandiant lists Beacon, RDP, plink and F-Secure C3, while Sophos lists PSExec, RDP and SSH. I did want to talk about one small aspect, which is the way responders talk about Darkside.


The Defender’s Guide to Windows Services

Security Boulevard

Services must be installed before they can be executed, and they require specific functions in order for the service control mechanism to interact with them; we will cover these in more detail later in this post. It's dangerous to find malicious services alone! Authors: Luke Paine and Jonathan Johnson.


Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

The blog post examines a typical Hancitor and Cuba kill chain, the threat actors’ TTPs, detailed recommendations, and mitigation techniques. As always, the document contains instructions on how to remove “protection”: Figure 2. It is known since at least 2016 for dropping Pony and Vawtrak. exe: Figure 3.


Operation TunnelSnake

SecureList

Based on the detection timestamps of that toolset, we assess that the attacker had a foothold in the network from as early as 2018. A couple of other tools with significant code overlaps with Moriya were found as well.


McAfee Defender’s Blog: Operation Harvest

McAfee

In the blog, they detail the MITRE Tactics and Techniques the actors used in the attack. In this blog, our Pre-Sales network defenders describe how you can defend against a campaign like Operation Harvest with McAfee Enterprise’s MVISION Security Platform and security architecture best practices.


Domain of Thrones: Part I

Security Boulevard

How do defenders truly reclaim control over their domain? How do they recover operational efficiency without compromising trust or security through the recovery process? This blog covers multiple Kerberos-abuse-based attack techniques (presented in a common attack technique format), detection guidance, and remediation of a compromised domain.


IT threat evolution Q2 2022

SecureList

The attackers were using this to hide a last-stage Trojan in the file system. The attack starts by driving targets to a legitimate website and tricking them into downloading a compressed RAR file that is booby-trapped with the network penetration testing tools Cobalt Strike and SilentBreak. WinDealer’s man-on-the-side spyware.
