Mimikatz
Emulating the Blazing DragonForce Ransomware
AttackIQ has released two new attack graphs that emulate the behaviors exhibited by DragonForce ransomware since its emergence in August 2023. Initially based entirely on the leaked LockBit 3.0 (Black) builder, it ...

Threat Analysis Report: Inside the Destructive PYSA Ransomware
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them ...

An Inside Look at How Hackers Operate
We’ve all seen shows where a character like The Flash, for instance, needs eyes on a situation to fight the bad guy, and a computer nerd, like Felicity, breaks into Central City’s ...

The RastaLabs experience
Introduction: It was 20 November, and I was just starting to wonder what I would do during the next month. I had already left my previous job, and the new one would only ...

Satan ransomware rebrands as 5ss5c ransomware
The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c". In a previous blog post, Satan ...

Why Most Organizations Still Can’t Defend against DCShadow – Part 2
In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you ...

Cryptojacking: An Unwanted Guest
We analyse a cryptojacking attack that mines the Monero cryptocurrency. The value of Monero in US dollars has more than doubled over the first half of 2019, from $46 to $98. The ...

Emotet, Lokibot, TrickBot still impacting enterprise environments globally
New research based on observed attack data over the second half of 2018 (2H 2018) reveals the command-and-control and lateral activities of three high-profile pieces of malware targeting large organizations in recent ...

Five Eyes Cybersecurity Agencies Release Report on Hacking Tools
The national cybersecurity agencies of the United States, U.K., Canada, Australia and New Zealand, known in the intelligence world as the Five Eyes, have released a joint report on five publicly available ...

toolsmith #132 – The HELK vs APTSimulator – Part 2
Continuing where we left off in The HELK vs APTSimulator - Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK ...