Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Page 4 of 15

cartoon of a bearded Indiana Jones bruised and battered while sitting on a bed, recovering from a cyber beating.
I'm getting too old for this. I don't bounce back like I used to.

What’s causing Mike’s Indigestion now? Everybody Hurts (19 April 2024)

April 20, 2024 /

I was on the road until yesterday, but I wanted to get back on the blog and update horse. So here we are! After learning about and supporting the launch of a new solution, I got sucked into some saved news articles and blogs on the trip home that convinced me we need to rethink a lot of things to get caught up with adversaries. Ransomware operators are constantly evolving, we should too! And no one has it figured out, as we’ll see in a couple of paragraphs. So let’s think outside of the magic quadrants and waves about new ways to solve our problems.

Continue reading
cartoon of cartoon of a middle-aged & bearded indiana jones running away from a Volt Typhoon
I know I am vulnerable, but lightning really doesn't ascribe to a single TTP, does it?

What’s causing Mike’s Indigestion now? Stormy Nights (12 April 2024)

April 11, 2024 /

Hey folks! After a busy week, I am finally sitting down to see what is new in the world of threat actors and trends. We’re barrelling into Friday with a lot of attention on probably THE key software vendor in the world (Microsoft), and more attention on Volt Typhoon. Yet even hardware vulnerabilities are a thing, and it just goes to show how our supply chain is riddled with dependencies. And those dependencies open doors to vulnerabilities. So let’s check in and see some of the more interesting threads!

Continue reading
cartoon showing a software supply chain being stretched to the breaking point while two big businessmen pull it in opposite directions
It seemed like such a good idea to do a stock buyback rather than support open source solutions we depend on!

What’s causing Mike’s Indigestion now? Supply Chain Heist (5 April 2024)

April 4, 2024 /

Happy weekend, folks! Loads of cool stuff going on in the day job, but lots chatter focused on 2 areas on opposite sides of the software ecosystem. The resourcefulness of adversaries never ceases to amaze me. Both stories offer a lot of intricate technical details, but the big takeaway is that we’re in serious trouble unless we tackle best-practices, hygiene, and find support for the massive base of open source projects. So let’s get going!

Continue reading
cartoon of a middle-aged and bearded Indiana Jones who is trying to squeeze into an army uniform while hiding behind a stack of crates.
I wonder how long I have to wait before the attack - I can't hold it much longer!

Persistence: How Uninvited Attackers Avoid Being Bounced from the Party

April 2, 2024 /

Hello folks – welcome to Part 5 of the series on MITRE ATT&CK Tactics! Today we’re talking about how adversaries maintain a foothold. Like any invading force, threat actors work hard to ensure that they get initial access, and they would rather not have to repeat that effort. Traditional aggressors most often resolve to maintaining pressure on the front once their initial attack lands. This has the effect of exhausting the defenders and ensuring they are unable to reset or respond effectively. Some attackers will leverage asymmetrical warfare elements like guerilla forces, local resistance forces, or agents to undermine defenses and guarantee access. Cyber adversaries need the same sort of effects, and that guaranteed access is arguably their highest priority. So let’s discuss the MITRE ATT&CK Persistence tactic and see why it is vital and how they might achieve it!

Continue reading
a cartoon of a bunch of computer hackers who look like the rolling stones
This isn't quite the tour we had in mind, lads! Good thing Keith's good at persistence...

What’s causing Mike’s Indigestion now? Real Stones on that one! (29 Mar 2024)

March 28, 2024 /

Wow, I am so sorry folks! it has been 3 weeks between updates – as I mentioned on LinkedIn, things have been busy on the travel front! In that crazy time, a lot of interesting things have happened that are worth a good look! Much of the biggest news this week in the world of threats is on another one of our state sponsored threat actors, APT31, so let’s see what the buzz is about.

Continue reading
« Older posts Newer posts »

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights