Latest Blogs

blog-column-img-one

Nov 28, 2024

RU APT targeting Energy Infrastructure (Unknown unknowns, part 3)

Sandworm is considered one of the most advanced Russian APT groups, responsible for attacks on the Energy infrastructure of its neighbors. This blog will show a few techniques we use to track their phishing campaigns.

blog-column-img-one

Oct 28, 2024

Finding the unknown unknowns, part 2 (unc3707)

Customers often have a broad understanding of threat groups they want to track, but not always the tools to build operational workflows to enrich and action results. This blog walks through three simple pivots we can take off your plate.

blog-column-img-one

September 09, 2024

Debunking AI Myths

Artificial intelligence (AI) has been a hot topic across industries, especially in cybersecurity. With promises of revolutionizing threat detection and response, AI is often surrounded by hype and skepticism. In a recent StrikeReady webinar, Alex Langston, Chief Evangelist, and Tom Los, a veteran in security, took a deep dive into the myths versus realities of AI in cybersecurity, specifically for Security Operations Center (SOC) leaders.

blog-column-img-one

August 07, 2024

Open Sesame

Active for over 10 years, the Bitter threat actor has maintained an unusually frenetic pace of operations. Although occasionally derided on the sophistication scale, they have been wildly successful at completing their regional missions. In addition to first-party incidents we’ve investigated, this is also clear from use of exploited infrastructure to attack subsequent targets. They’ve been willing to burn accesses that other groups would have kept close held. This blog sheds light on their latest activities, including previously untracked IOCs, and provides analysis of their manually dropped payloads.

blog-column-img-one

July 24, 2024

Russia-nexus actor targets Ukraine

Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine leveraging email attachments less than 150 bytes, which seem to bypass certain tools.

blog-column-img-one

June 27, 2024

This ELF is not your buddy

The volume of Linux malware is orders of magnitude less than for other operating systems, and as such, has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats that they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor --- if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.

blog-column-img-one

June 24, 2024

Armageddon is more than a Grammy-nominated album

Russian Government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple html trick for waiting for a user to jiggle the mouse before executing the malicious javascript.

blog-column-img-one

May 29, 2024

Protecting against Dangling DNS hijacking is more than good hygiene

In this blog, we examine the typical causes of Dangling DNS hijacking, and how we were able to ethically report issues at a major vendor

blog-column-img-one

May 24, 2024

StrikeReady Wins Prestigious Global InfoSec Award from Cyber Defense Magazine

StrikeReady wins in three categories.

blog-column-img-one

May 21, 2024

RSA Conference 2024 Wrap-Up

Embracing AI, Secure by Design, and Security by Persona.

blog-column-img-one

April 20, 2024

Finding the unknown unknowns, part 1

This is the first article in a series about technical hunting wins that are attainable by all SOC teams.

blog-column-img-one

April 3, 2024

Rattling the cage of a Sidewinder

How StrikeReady helps you track APT infrastructure before it's used against your organization.

blog-column-img-two

February 29, 2024

Don't get BITTER about being targeted -- fight back with the help of the community.

How StrikeReady helped a SOC prioritize alerts triggered by a previously untagged APT actor.

blog-column-img-three

January 17, 2024

Stealing your email with a .txt file

A blog that describes tracking a targeted threat actor using StrikeReady, passive dns, ssl certificates, and malware analysis.

blog-column-img-four

December 27, 2023

Pivoting through a Sea of indicators to spot Turtles

A blog that describes tracking a targeted threat actor using StrikeReady, passive dns, ssl certificates, and malware analysis.