What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report. Remote Desktop Protocol: The Series Part 1: Remote Desktop Protocol: Introduction (post, video) Part 2: Remote Desktop P…
Category: Interesting Stuff
The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, including internet innovations, software development, consumer electronics, and digita…
Must-Read Cybersecurity Blogs [List of Blogs & Websites] 1. Unsupervised Learning An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interes…
Experience level required: beginner. In this blog we will learn how to analyze MS Office macro-enabled documents. 1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5 2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99 Let’s see the sample in Virus Tot…
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network. This…
Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides detailed coverage of security threats, breaches, cybercrime, and other related topics aimed at educating re…
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious sec…
Cyber threat intelligence (CTI) is a framework for collecting, processing, and analyzing information about potential or ongoing cyber threats. Put simply, it’s the collection of various types of threat intelligence, such as IOCs, TTPs used by threat actors, and their motivations and capabilit…
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick use…
Attacker launches password spray. Attacker: Password spray: hydra -L users.txt -P seasons-2023.txt 192.168.37.237 smb -u Defender: Count successful (4624) and failed (4625) logins: Get-WinEvent -Path C:\labs\valkyrie-security-logons.evtx | Group-Object id -NoElement | sort count Attacker uses spra…
What is CyberChef? CyberChef – The Cyber Swiss Army Knife – is a web-based utility that allows analysts to manipulate or transform inputs based on a series of steps called a recipe. The versatile tool is used by a wide range of individuals, including cybersecurity analysts, researchers, and enthusia…
We hear about “cyber attacks” in the news every week! But – what actually happens ‘during’ the attack, what happens in the background, behind the scenes, from the moment the event ‘begins’ until the moment it’s realized something is amiss? Or worse – when it’s not realized something is amiss a…
Executive Summary: In this report, S2W TALON examined the trends of ransomware groups active in 2023, identifying the operational characteristics of each group and describing them from 5 perspectives: Activity: The number of victim organizations uploaded to ransomware leak sites increased by 1.6 time…
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data caching to improve network performance. Proxies also help in masking user IP addresses, enabling anonymous web b…
Our 2023 annual report serves as a playbook of adversaries’ tactics, techniques, and procedures (TTPs). Check out our on-demand Annual Report webinar or read on for a summary of key topics and themes in the report.