Hunting Misconfigured Web Applications January 24, 2023 If you are decrypting HTTPS traffic, the queries in this...
Examining APT27 and the HyperBro RAT December 10, 2022 Earlier this Fall, the Cybersecurity & Infrastructure Security Agency (CISA) released an Alert...
FirstWatch Threat Spotlight: DarkTortilla November 30, 2022 Executive Summary DarkTortilla is a complex and highly configurable .NET-based crypter that has...
Sliver C2 – Network and Endpoint Detection with NetWitness Platform November 21, 2022 Preface Sliver command-and-control (C2) framework is an open-source cross-platform adversary...
Configure Channel Filter Settings on Endpoint Windows Log Policy November 18, 2022 While creating the Windows Log Policy, you can configure Channel Filter Settings and select the...
NetWitness Platform XDR version 12.1 -- Threat-Centric Content Bundles October 27, 2022 We recently released NetWitness Platform XDR version 12.1 which completed many initiatives related...
Phase II Content Hygiene Initiative Complete: EDR (Endpoint) Application Rule Hygiene Initiative October 18, 2022 Introduction As part of a larger content hygiene initiative begun earlier this year, we have...
FirstWatch Threat Spotlight: BlackCat Ransomware September 2, 2022 Executive Summary BlackCat, also known as ALPHV or Noberus, is a ransomware family that is deployed...
FirstWatch Spotlight: Cyclops Blink – Sandworm’s Newest Addition to The Arsenal August 30, 2022 Author: Rajas Save Introduction On Feb 23rd, 2022, the United Kingdom's (UK) National Cyber...
FirstWatch Threat Spotlight – Raspberry Robin August 25, 2022 Background Earlier this year, Red Canary Intelligence posted a blog about a worm, named Raspberry...