Introduction Malware is a constant threat to organizations of all sizes, and one of the most insidious tactics employed by malware is process impersonation. By impersonating critical processes, malware can evade detection and allow attackers to carry out their malicious activities undetected. …

In order to effectively prevent, detect, and respond to cyber attacks, security teams should take a multi-faceted approach. The first step is to actively manage the attack surface by identifying and fortifying internet-exposed assets that are particularly vulnerable to attack. …

T1059.003: Windows Command Shell 2 Detection: Monitor for command shell activity, particularly for unusual or unauthorized commands. Monitor for the use of known malicious command-line arguments. Monitor for the execution of commands from suspicious or unexpected locations. Prevention: Limit access to the command shell to only authorized users. Use whitelisting…

Description: This genral plan is designed to detect and respond to potential Qbot malware activity by monitoring for specific indicators of compromise (IOCs) associated with this malware. The plan includes steps for investigating the alert, identifying infected hosts and users, and remediating the infection to prevent future Qbot malware infections. …

Abstract: Adversaries can use Login Hooks as a technique to establish persistence and execute malicious code upon user logon on macOS. This white paper explores the mechanism behind Login Hooks, the techniques adversaries use to exploit them, and preventive measures that organizations can implement to protect their systems. …

Introduction: The world is becoming increasingly digital, and with that, the importance of cybersecurity is only growing. Cybercriminals are getting more sophisticated, and their attacks are becoming more targeted, causing significant financial and reputational damage. …

Abstract: In recent years, Advanced Persistent Threat (APT) groups have been increasingly targeting government organizations worldwide. The APT29 group, also known as Cozy Bear, is a well-known Russian state-sponsored group that has been involved in numerous cyber espionage operations targeting government, military, and defense organizations. In this paper, we analyze…

Introduction: Mimikatz is a powerful open-source tool that can be used to extract sensitive information from Windows systems, including passwords and hashes. This tool was created by Benjamin Delpy and is widely used by both penetration testers and cybercriminals alike. …

Abstract: Log retention and rotation policies are crucial for maintaining the integrity of an organization’s data, especially in today’s data-driven environment. However, determining the appropriate policies for an organization can be challenging. In this white paper, we provide a quick guide on how to estimate log retention and rotation policies…