Cybersecurity is one of the most important issues facing businesses today. With the rise of data breaches and other cyber attacks, it is more important than ever to protect your business from these threats. One way to do this is by implementing a security operations center (SOC). A SOC is…

In its simplest definition, threat hunting is a process to identify whether adversaries have reached the organization’s network or not. Despite the many precautions taken at the perimeter level and the many technologies used, breaches cannot be prevented. As a result of this situation, technologies to detect whether an attacker is inside…

About twenty years ago, antivirus, IPS and firewall were managed by security teams – most organizations had only one information security team, and the most important thing was getting up-to-date IPS signatures and antivirus databases. But SOCs have been growing year by year because of new attack techniques and…

Lapsus$, seen as the most active threat group of recent weeks, is held responsible for attacks on Okta, Samsung, Nvidia and others. Before announcing the Okta breach, Lapsus$ had also threatened to breach Microsoft. At the beginning of the week, Bloomberg reported that the leader of the group…

AT&T Alien Labs announced last week that the source code of the BotenaGo malware has been published on GitHub. BotenaGo was discovered and named by Alien Labs in November 2021, and according to the Alien Labs post, the source code of this malware was published on the 16th of…

Although organizations invest more and more in security tools, breach statistics keep increasing. Ten or more years ago, attackers were mostly working alone and using basic tools, so it was easier to block them. But the advanced techniques and tools, and the groups that came together to attack, made…

As we mentioned in the previous sessions, IoCs are crucially important for a proactive threat hunting process. Threat hunters should know as much as possible about new threats and incorporate that information into their hunting processes. The Pyramid of Pain classifies IoCs and helps us better understand their usefulness. The…

Redline is a free tool for investigating malicious activity through memory and file analysis. It has a lot of investigation features, but in this post we will only cover searching for IoCs on the endpoint with Redline. In the previous post, we created an IoC to detect WinSCP.exe. Now, we…