CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments RVAs conducted across multiple critical infrastructure sectors in fiscal year 2023 FY23. The analysis details a sample attack path including tactics and steps a cyber threat actor...

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion By Ale Houspanossian · June 17, 2024 Case Summary It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally...

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023 Executive summary With Organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...

Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning

Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire pictu...

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers

SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency CISA and authoring organizations identified the presence of indicators of compromise IOCs at a federal civilian executive branch FCEB agency. Analysts determined that multiple cyber threat...

Shennina - Automating Host Exploitation With AI

Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being...

Sandbox_Scryer - Tool For Producing Threat Hunting And Intelligence Data From Public Sandbox Detonation Output

The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement and in threat...

Whids - Open Source EDR For Windows

What EDR with artifact collection driven by detection. The detection engine is built on top of a previous project Gene specially designed to match Windows events against user defined rules. What do you mean by "artifact collection driven by detection" ? It means that an alert can directly trigger...

Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

You’re tasked with protecting your environment, and you’ve invested significant time and resources into deploying and configuring your tools — but how do you know if the security controls you’ve put into place are effective? The challenge continues to grow as attacker tactics, techniques, and...

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League NFL Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League NFL Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk

DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...

2022 Planning: Prioritizing Defense and Mitigation Through Left of Boom

In the military, the term “left of boom" refers to the strategy and tactics required to prevent — and protect personnel from — explosions by making proactive decisions before the event happens. Unless you've been fortunate enough to avoid tech and media press for the past 24 months, it should be...

Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA to provide information on a Chinese Advanced Persistent Threat APT group known in open-source reporting as APT40. This advisory provides...

How purple teams can embrace hacker culture to improve security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...

How purple teams can embrace hacker culture to improve security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...

Optimize security with Azure Firewall solution for Azure Sentinel

Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection. That’s why we’re excited to announce a seamless integration...

Optimize security with Azure Firewall solution for Azure Sentinel

Security is a constant balance between proactive and reactive defenses. They are both equally important, and neither can be neglected. Effectively protecting your organization means constantly optimizing both prevention and detection. That’s why we’re excited to announce a seamless integration...