IR
The Identity IR Playbook Against Scattered Spider Attacks
The Scattered Spider adversary group has been extremely active in the past month, increasing its outreach to financial and insurance entities. This group features an extensive and in-depth use of identity compromise in ...
Why Timely Response is Essential and How to Achieve It
Advanced persistent threats continue to test organizations’ strength by exploiting new vulnerabilities, organizing massive supply chain incidents and targeting specific industries. According to a study, 84% of enterprises globally acknowledge that cyberattacks ...
Hunting injected processes by the modules they keep
A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our ...
Analyzing an Instance of Meterpreter’s Shellcode
In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...
Podcast: CISO Speak – Incident Response
This month's podcast features host Larry Bianculli speaking with guest CISO Agim Bracovic from Rabobank, as well as our very own Matthew Pascucci, cybersecurity practice manager at CCSI, on Incident Response. How ...
Kansa: Get-AutorunscDeep.ps1 — Taking Autorunsc to 11
I wanted to put up a quick post about a new Kansa collector I recently added -- Get-AutorunscDeep.ps1. Sysinternals' Autoruns is a great utility for finding auto-start extension points in Windows and ...