304 matches found
How Trellix Helix detects AS-REP Roasting in Active Directory
How Trellix Helix detects AS-REP Roasting in Active Directory By Adithya Chandra and Maulik Maheta · November 13, 2025 Executive Summary Adversaries use AS-REP Roasting to extract and crack password hashes from Active Directory AD accounts with Kerberos preauthentication disabled, a...
EUVD-2024-46844
Malicious code in bioql PyPI...
EUVD-2023-58374
Malicious code in bioql PyPI...
EUVD-2024-47160
Malicious code in bioql PyPI...
EUVD-2023-12963
Malicious code in bioql PyPI...
EUVD-2023-44309
Malicious code in bioql PyPI...
EUVD-2023-58328
Malicious code in bioql PyPI...
EUVD-2022-42727
Malicious code in bioql PyPI...
EUVD-2024-16005
Malicious code in bioql PyPI...
EUVD-2022-51679
Malicious code in bioql PyPI...
EUVD-2024-44425
Malicious code in bioql PyPI...
EUVD-2022-43199
Malicious code in bioql PyPI...
EUVD-2023-54658
Malicious code in bioql PyPI...
EUVD-2023-12960
Malicious code in bioql PyPI...
EUVD-2024-47081
Malicious code in bioql PyPI...
EUVD-2023-12962
Malicious code in bioql PyPI...
XWorm V6: Exploring Pivotal Plugins
XWorm V6: Exploring Pivotal Plugins By Niranjan Hegde and Sijo Jacob · October 2, 2025 Introduction In the constantly evolving world of cyber threats, staying informed is not just an advantage; it's a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware,...
When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR
When AD Gets Breached: Detecting NTDS.dit Dumps and Exfiltration with Trellix NDR By Maulik Maheta · September 25, 2025 Executive summary Active Directory AD stores the digital keys to an organization's kingdom. When attackers gain access to a network, they often target the NTDS.dit file, which...
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR By Maulik Maheta and Lishoy Mathew · September 8, 2025 Executive summary The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. Rather than traditional malware, today’s...
Exposing PathWiper: DCOM Abuse and Network Erasure
Exposing PathWiper: A Deep Dive into DCOM Abuse and Network Erasure With Trellix NDR By Maulik Maheta and Lishoy Mathew · August 12, 2025 Executive summary Ukraine’s national energy and telecommunications infrastructure was the primary targets of the PathWiper attack in 2025. The attack was...