active adversary – PossibleThreat Articles

RD Web Access abuse: Fighting back

June 14, 2024 0 Comments active adversary, active adversary report, featured, Incident Response, RDP, security operations, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Wed, 12 Jun 2024 18:59:54 +0000

Investigation insights and recommendations from a recent welter of incident-response cases

Security Sophos

It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024

April 15, 2024 0 Comments active adversary, active adversary report, case study, featured, Incident Response, RDP, threat research

Credit to Author: Angela Gunn| Date: Wed, 03 Apr 2024 10:01:37 +0000

The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage?

Security Sophos

Remote Desktop Protocol: The Series

March 20, 2024 0 Comments active adversary, featured, Incident Response, incident response tools, mdr, RDP, security operations, sophos x-ops, threat research

Credit to Author: Angela Gunn| Date: Wed, 20 Mar 2024 16:18:21 +0000

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground it when it goes wrong? An Active Adversary Special Report

Security Sophos

‘AuKill’ EDR killer malware abuses Process Explorer driver

April 19, 2023 0 Comments active adversary, active adversary playbook, anti-edr, aukill, backstab, EDR, edr killer, featured, malware, process explorer, procexp, sophos x-ops, targeted attacks, threat research

Credit to Author: Andrew Brandt| Date: Wed, 19 Apr 2023 10:00:43 +0000

Driver based attacks against security products are on the rise

Security Sophos

Defenders vs. Adversaries: The Two-Speed Cybersecurity 2023 Race

April 4, 2023 0 Comments active adversary, EDR, Endpoint, featured, mdr, Network, products & services, security operations, XDR

Credit to Author: Sally Adam| Date: Tue, 04 Apr 2023 09:45:12 +0000

Slowed by multiple headwinds, defenders are falling behind while adversaries continue to accelerate. Organizations need to speed up the defender flywheel to enable them to pull ahead.

Security Sophos

Cookie stealing: the new perimeter bypass

August 18, 2022 0 Comments active adversary, cookie theft, featured, information stealers, infostealer malware, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 Aug 2022 11:00:50 +0000

As organizations move to cloud services and multifactor authentication, cookies tied to identity and authentication give attackers a new path to compromise.

Security Sophos

S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]

June 9, 2022 0 Comments active adversary, mdr, mtr, Naked Security Podcast, Podcast, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Thu, 09 Jun 2022 13:07:36 +0000

Latest episode – listen (or read) now!

Security Sophos

The Active Adversary Playbook 2022

June 7, 2022 0 Comments active adversary, artifacts, attack tools, cobalt strike, Cryptomining, cyberattacks, cyberthreats, dwell time, Exploit, featured, initial access broker, malware delivery system, mitre, proxylogon, proxyshell, Ransomware, Ransomware as a Service, security operations, sophos rapid response, vulnerability

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

Security Sophos

The Ransomware Threat Intelligence Center

March 17, 2022 0 Comments active adversary, astrolocker, atom silo, avaddon, avos locker, black kingdom, blackmatter, conti, cring, darkside, dearcry, dharma, egregor, entropy, epsilon red, featured, gandcrab, karma, lockbit, lockfile, maze, memento, midas, nefilim, netwalker, python, ragnar locker, ragnarok, Ransomware, revil, robbinhood, ryuk, SamSam, security operations, snatch, sophos threat report, WannaCry, wastedlocker

Credit to Author: Tilly Travers| Date: Thu, 17 Mar 2022 09:13:50 +0000

A collection of Sophos threat research articles and security operations reports related to new or prevalent ransomware groups from 2018 to the present. The content will be updated as new research is published