Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Page 4 of 15

What’s causing Mike’s Indigestion now? Everybody Hurts (19 April 2024)

I was on the road until yesterday, but I wanted to get back on the blog and update horse. So here we are! After learning about and supporting the launch of a new solution, I got sucked into some saved news articles and blogs on the trip home that convinced me we need to rethink a lot of things to get caught up with adversaries. Ransomware operators are constantly evolving, we should too! And no one has it figured out, as we’ll see in a couple of paragraphs. So let’s think outside of the magic quadrants and waves about new ways to solve our problems.

Continue reading

What’s causing Mike’s Indigestion now? Stormy Nights (12 April 2024)

Hey folks! After a busy week, I am finally sitting down to see what is new in the world of threat actors and trends. We’re barrelling into Friday with a lot of attention on probably THE key software vendor in the world (Microsoft), and more attention on Volt Typhoon. Yet even hardware vulnerabilities are a thing, and it just goes to show how our supply chain is riddled with dependencies. And those dependencies open doors to vulnerabilities. So let’s check in and see some of the more interesting threads!

Continue reading

What’s causing Mike’s Indigestion now? Supply Chain Heist (5 April 2024)

Happy weekend, folks! Loads of cool stuff going on in the day job, but lots chatter focused on 2 areas on opposite sides of the software ecosystem. The resourcefulness of adversaries never ceases to amaze me. Both stories offer a lot of intricate technical details, but the big takeaway is that we’re in serious trouble unless we tackle best-practices, hygiene, and find support for the massive base of open source projects. So let’s get going!

Continue reading

Persistence: How Uninvited Attackers Avoid Being Bounced from the Party

Hello folks – welcome to Part 5 of the series on MITRE ATT&CK Tactics! Today we’re talking about how adversaries maintain a foothold. Like any invading force, threat actors work hard to ensure that they get initial access, and they would rather not have to repeat that effort. Traditional aggressors most often resolve to maintaining pressure on the front once their initial attack lands. This has the effect of exhausting the defenders and ensuring they are unable to reset or respond effectively. Some attackers will leverage asymmetrical warfare elements like guerilla forces, local resistance forces, or agents to undermine defenses and guarantee access. Cyber adversaries need the same sort of effects, and that guaranteed access is arguably their highest priority. So let’s discuss the MITRE ATT&CK Persistence tactic and see why it is vital and how they might achieve it!

Continue reading

What’s causing Mike’s Indigestion now? Real Stones on that one! (29 Mar 2024)

Wow, I am so sorry folks! it has been 3 weeks between updates – as I mentioned on LinkedIn, things have been busy on the travel front! In that crazy time, a lot of interesting things have happened that are worth a good look! Much of the biggest news this week in the world of threats is on another one of our state sponsored threat actors, APT31, so let’s see what the buzz is about.

Continue reading
« Older posts Newer posts »
Verified by MonsterInsights