TWunroll
#IOCs
Suraj Oyewale (Jarus)
Jarushub
1/ Shell is a common feature in the career history of most of upstream oil executives in Nigeria. 3 things account for this: 1, Shell had the largest footprint in oil
SophosLabs
SophosLabs
NEW RESEARCH: The attackers spreading #Conti have switched gears to a completely fileless attack method. (a thread) 1/8 For the past several months, both SophosLabs and the Sophos Rapid Response team
Jon Gorenflo ✹ 🏴☠️🛡
flakpaket
So, I’ve seen folks pointing out that Dominion Voting Systems uses #SolarWinds. DVS definitely uses the SolarWinds Serv-U product; however, according to @AlexaCorse, they do not use the Orion product line.
SwiftOnSecurity
SwiftOnSecurity
I wonder if all the new cyber experts from the election are regretting their career choice yet. Oh you just got paged due to an executive account lockout, just keep
Andrew Brandt
threatresearch
For your lunchtime* long read this afternoon, I'd like to point you to some work I'm quite proud of that was published today. SophosLabs found what we now suspect may be
Lesley Carhart
hacks4pancakes
It is really important, in infosec and natsec, to understand if your adversary is making a tactical or a strategic choice. For instance, why are they moving laterally? Is it
Kevin Beaumont
GossiTheDog
There's a Trickbot variant called Bazar Backdoor which is now very active, and has good AV evasion across vendors at the moment. One to watch. As @martijn_grooten rightly notes in
🎄Ch33r10-m4$🎄
Ch33r10
ICYMI: @SANSInstitute Webcast on #SolarWinds #IOCs #CTI #ThreatIntel @MalwareJake That's a YES for APT #SolarWinds #CTI #ThreatIntel @SANSInstitute Webcast @MalwareJake Sandboxing wouldn't have helped High Confidence to evade detect
Lesley Carhart
hacks4pancakes
Just a reminder that you can’t build a successful threat hunting program to detect the APT indicators everyone is posting unless you actually build the capacity to threat hunt -
Somali News Updates
Somaliweyn_
Somalia’s first-ever licensing round for up to seven exploration blocks opened on August 4, 2020 and runs until March 12, 2021. The number of blocks on offer in the first
ESET research
ESETresearch
Last week, #ESETresearch published about latest GMERA campaigns against Mac users. Here is the current campaign: Malware is distributed on iaemr[.]org, registered a month ago. Perpetrators created a fake org.
Costin Raiu
craiu
1/9 The French National Cybersecurity Agency @ANSSI_FR released a report on Hades / Sandworm infecting Centreon servers with a PHP backdoor, followed by deploying the Exaramel Linux backdoor. Some notes:
Jake Williams
MalwareJake
Okay folks, let’s talk about SolarWinds. For those not familiar with it, SolarWinds is a network management system (NMS). It’s probably the most ubiquitous NMS out there, so we shouldn’t jump
Alison Weir 🏴 🟥 💚🤍💜
WeirAlison
A thread... 1./ The IOCs decision to make no ruling on the participation of transwomen athletes in female sport before Tokyo2020 confirms that the IOC like many others have forgotten how
Christopher Glyer
cglyer
2020 was full of major cyber events. Here is an end of year #ff thread of some of the most impactful people and research that I leveraged in my work
Kim Zetter
KimZetter
I have report from Microsoft about SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a