Executive Summary In this report, S2W TALON examined the trends of ransomware groups active in 2023 identifying the operational characteristics of each group and describing them from 5 perspectives:— Activity: The number of victim organizations uploaded to ransomware leak sites increased by 1.6 time…
Category: Interesting Stuff
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web b…
Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs). Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.
Online investment scams these days are no longer an issue limited to specific nations, now becoming a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal and immoral means, extorting financial assets including cash and virtual assets from them. They are usually a part of a structured…
In this report, we will conduct a comprehensive analysis of Gafgyt, which is an ELF malware. Our aim is to examine the malware’s capabilities and determine its functions: DDoS Attack Capabilities Communication with Command and Control (C&C) Server Evade detection Network Setup and Configuration…
Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their teams. This is something myself and my peers at other organizations also face. So I decided to write about it, expa…
The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recomme…
OverviewThe SonicWall CaptureLabs threat research team have been recently tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many operators to infect victims and demand payment for file retrieval. The sample we analyzed…
Hihi 😁! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles.Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially…
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Programmatically filter uncommon DNS Requests with Cisco Umbrella APIs We use the Internet in our everyday lives to get work done, manage our lives, and even socialize. We take this Internet usage for granted these days, but the reality is that we are communicating more than ever on a global scale,…
For years, IT research organizations have reported that most large enterprises consider establishing or improving their cyber threat intelligence (CTI) capabilities a high or critical priority. Yet, many enterprises never move beyond a continual game of cyber threat whack-a-mole. With the grow…
What is Threat Management? Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents. Why is threat management important? Most IT and security teams face informat…
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, “XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT,” where we unc…
Introduction In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction is SMB (Server Message Block) staging, a maneuver that allows attacke…