Online investment scams are no longer an issue limited to specific nations; they have become a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal and immoral means, extorting financial assets, including cash and virtual assets, from them. They are usually a part of a structured…
In this report, we will conduct a comprehensive analysis of Gafgyt, which is an ELF malware. Our aim is to examine the malware’s capabilities and determine its functions: DDoS attack capabilities; communication with the Command and Control (C&C) server; evading detection; network setup and configuration…
Those who have worked in our industry for a certain amount of time will be acutely aware that executives often encounter information security media articles and flag them to their teams. This is something that I and my peers at other organizations also face. So I decided to write about it, expa…
The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion. The review detailed operational and strategic decisions that led to the intrusion and recomme…
Overview: The SonicWall CaptureLabs threat research team has recently been tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many operators to infect victims and demand payment for file retrieval. The sample we analyzed…
Hihi 😁! In this blog post, we’ll explore the functionality, features, and advantages of Incinerator, an advanced Android reverse engineering suite inspired by the success of Shambles. Our mission is straightforward: we want an advanced hassle-free solution to reverse Android applications, especially…
Manual analysis of Cobalt Strike Shellcode with Ghidra. Identifying function calls and resolving API hashing.
Programmatically filter uncommon DNS requests with Cisco Umbrella APIs. We use the Internet in our everyday lives to get work done, manage our lives, and even socialize. We take this Internet usage for granted these days, but the reality is that we are communicating more than ever on a global scale,…
For years, IT research organizations have reported that most large enterprises consider establishing or improving their cyber threat intelligence (CTI) capabilities a high or critical priority. Yet, many enterprises never move beyond a continual game of cyber threat whack-a-mole. With the grow…
What is Threat Management? Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents. Why is threat management important? Most IT and security teams face informat…
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, “XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT,” where we unc…
Introduction: In the ongoing cat-and-mouse game between cyber attackers and defenders, the battleground has shifted from traditional malware tactics to more sophisticated methods of infiltration. One such technique gaining traction is SMB (Server Message Block) staging, a maneuver that allows attacke…
By: Alex Reid, Current Red Siege Intern. SSH-ishing? Suh-shishing? Have you gotten your blood pressure checked recently? In the April 2018 release of Windows 10 version 1803, Microsoft announced that the Windows OpenSSH client would ship and be enabled by default (with the server re…
The world of cyber security faces new and more complex threats every day. Among these threats, which we encounter anew each day, one of the most significant is malicious software designed to steal personal and corporate information, known as “stealers”. Stealers can be considered one of today’s unse…
What’s happening? Given the intricate landscape of cybersecurity, the misuse of Windows Management Instrumentation (WMI) stands out as a pervasive threat. WMI facilitates centralized management of Windows devices by providing a consistent and well-documented interface that can be utilized by various…