Turning threat reports into detection insights with AI
Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports, into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...
Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan
This blog discusses the modifications observed in Earth Kasha's TTPs in its latest campaign, detected in March 2025 and targeting Taiwan and Japan...
Honeypot-Factory: The Use of Deception in ICS/OT Environments
The recently published Security Navigator report from Orange Cyberdefense shows there has been a rapid increase in attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilled over from traditional IT. That's to be expected, as...
MAL-2022-6675 Malicious code in ttp-error (npm)
Source: ghsa-malware a26808cf09478fb5d542a42e4631fb27a558c438802a79dc2cef43a1023ef22e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
packetStrider - A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packetStrider aims to help with, AKA Why?...
MITRE ATT&CK Evaluation Demonstrates the Power of the VMware Carbon Black Cloud
MITRE has released the results of its latest endpoint detection and response (EDR) product evaluation, using its now industry-standard open methodology, the ATT&CK® framework. This year's results further demonstrate why VMware Carbon Black, now a two-time participant, is a top choice of security an...
Real-life cybercrime stories from DART, the Microsoft Detection and Response Team
When we published our first blog about the Microsoft Detection and Response Team (DART) in March of 2019, we described our mission as responding to compromises and helping our customers become cyber-resilient. In pursuit of this mission, we had already been providing onsite reactive incident respons...
UPDATE: MITRE CALDERA 2.5.1
MITRE CALDERA 2.5.1 is now available, following the previous release, MITRE CALDERA 2.5.0, which came out a couple of days ago. As you may remember, this awesome adversary emulation system was listed in my older post titled List of Adversary Emulation Tools. Among the major changes, what I like is that now...
Managed Detection and Response analytics report, H1 2019
Introduction: This report contains the results of the Managed Detection and Response (MDR) service (brand name: Kaspersky Managed Protection). The MDR service provides managed threat hunting and initial incident response. Threat hunting is the practice of iteratively searchin...
A Look Into Continuous Efforts By Chinese Hackers to Target Foreign Governments
Phishing is still one of the most widely used strategies by cybercriminals and espionage groups to gain an initial foothold on targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has...
“The 101” – Episode 12 – What Is a TTP?
We’re back with another episode of The 101! This weekly security series aims to define endpoint security one question at a time. Tune in each week as we tackle a new term, concept, or comparison in our ongoing effort to provide clear definitions. For a while now we’ve been talking about malware -...
Chinese Hackers targeting American Drones under Operation Beebus
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and the same gang of hackers is being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones. These attacks exploited previously discovered...
Multiple Linux kernel security vulnerabilities
IrDA TTP header buffer overflow. Token Ring memory corruption. do_coredump symbolic link problem...