The Identity IR Playbook Against Scattered Spider Attacks  

The Scattered Spider adversary group has been extremely active in the past month, increasing its outreach to financial and insurance entities. This group makes extensive and in-depth use of identity compromise in ...

Why Timely Response is Essential and How to Achieve It

Advanced persistent threats continue to test organizations’ strength by exploiting new vulnerabilities, organizing massive supply chain incidents and targeting specific industries. According to a study, 84% of enterprises globally acknowledge that cyberattacks ...
Security Boulevard

Hunting injected processes by the modules they keep

A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our ...

Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...
Larry Bianculli

Podcast: CISO Speak – Incident Response

This month's podcast features host Larry Bianculli speaking with guest CISO Agim Bracovic from Rabobank, as well as our very own Matthew Pascucci, cybersecurity practice manager at CCSI, on Incident Response. How ...

Kansa: Get-AutorunscDeep.ps1 — Taking Autorunsc to 11

I wanted to put up a quick post about a new Kansa collector I recently added -- Get-AutorunscDeep.ps1. Sysinternals' Autoruns is a great utility for finding auto-start extension points in Windows and ...