DCSync Detection with NetWitness February 7, 2023 Introduction In this post we will look at the DCSync OS Credential Dumping technique targeting...
FirstWatch Threat Spotlight: Brute Ratel C4 January 31, 2023 Executive Summary Adversaries have been observed abusing legitimate adversary simulation software...
Examining APT27 and the HyperBro RAT December 10, 2022 Earlier this Fall, the Cybersecurity & Infrastructure Security Agency (CISA) released an Alert...
Configure Channel Filter Settings on Endpoint Windows Log Policy November 18, 2022 While creating the Windows Log Policy, you can configure Channel Filter Settings and select the...
FirstWatch Threat Spotlight: BlackCat Ransomware September 2, 2022 Executive Summary BlackCat, also known as ALPHV or Noberus, is a ransomware family that is deployed...
Agent Tesla: The Information Stealer June 17, 2022 What is Agent Tesla? Agent Tesla is a spyware Trojan written for the .NET framework that has been...
Atlassian Confluence Zero-day Vulnerability (0-Zero) CVE-2022-26134: What You Need To Know June 3, 2022 Introduction Volexity, industry-leading incident response and forensics firm based out of Reston,...
‘Follina’ CVE-2022-30190 0-Day: What You Need To Know June 2, 2022 On May 27, 2022, the NAO Security Cyber...
Ransomware Email Attacks: Beware of BazarLoader May 20, 2022 What is BazarLoader? Bazar malware infections are specifically targeting professional services,...
Exotic Lily: Global Activity Analysis May 9, 2022 Background In September 2021, Google TAG Researchers shared their observations about a threat actor...