Threat Hunting - Security Intelligence

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

8 min read - In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your…

June 27, 2023

The Trickbot/Conti Crypters: Where Are They Now?

23 min read - Despite its shutdown, operators from the Conti syndicate remain active and collaborative in new factions. IBM Security X-force shares the intel.

May 25, 2023

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping…

April 27, 2023

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

15 min read - Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed "Minodo" to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force…

March 20, 2023

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

7 min read - In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

4 min read - Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this piece of code is and how hard it is to find exactly where it’s used. This open-source logging code from Apache was the most popular java logging…

Detecting the Undetected: The Risk to Your Info

5 min read - IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…

How to Spot a Nefarious Cryptocurrency Platform

4 min read - Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

How Do Threat Hunters Keep Organizations Safe?

3 min read - Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

How Do Threat Hunters Keep Organizations Safe?

5 Golden Rules of Threat Hunting

6 min read - When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late. Security operations center (SOC) teams monitor and hunt…

RomCom RAT Attack Analysis: Fake It to Make It

4 min read - The RomCom RAT has been making the rounds — first in Ukraine as it went after military installations, and now in certain English-speaking countries such as the United Kingdom. Initially a spear-phishing campaign, the RomCom attack has evolved to include…

A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023

4 min read - In 2023, the global annual cost of cyber crime is predicted to top $8 trillion, according to a recent Cybersecurity Ventures report. This seemingly enormous figure might still be a major underestimate. In 2021, U.S. financial institutions lost nearly $1.2…

Security Intelligence

{{title}}

{{title}}

{{title}}

{{title}}

Topics

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

The Trickbot/Conti Crypters: Where Are They Now?

How I Got Started: White Hat Hacker

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Detecting the Undetected: The Risk to Your Info

How to Spot a Nefarious Cryptocurrency Platform

How Do Threat Hunters Keep Organizations Safe?

How Do Threat Hunters Keep Organizations Safe?

5 Golden Rules of Threat Hunting

RomCom RAT Attack Analysis: Fake It to Make It

A Perfect Storm: 7 Reasons Global Attacks Will Soar in 2023

{{{title}}}