Amateur Security Archaeologists, trying not to break things.

Tag: Cyber (Page 5 of 6)

What’s causing Mike’s Indigestion now? Diabetic Ghosts! (1 Dec 2023)

Good morning folks! I know I slacked off last week, but I finally have some updates on the threat side of things that we all should be aware of:


Uncover hidden enemies with ATT&CK Detection and Analytics

As we saw in our last post, Threat Intelligence is a huge focus. But what good does intelligence do if we never act on it? If your organization is leveraging a SIEM or XDR, or using tools that allow custom detection content to be added, then you are already doing detection and analytics. ATT&CK includes detection and mitigation data for each technique, which gives you sound guidance on where to start detecting that technique’s use in your environments. These underappreciated features of the ATT&CK database are fantastic for guiding all manner of blue team operators, and they provide a jump start toward greater security. Detection (or what they now call Data Sources) and Mitigations give us homework. Before we can act, we must see, so let’s see how ATT&CK can help with Detection.


What’s causing Mike’s Indigestion now? Helpless Victims (10 Nov 2023)

Good morning folks! I have some updates on the threat side of things that I think are interesting and might help in conversations with your friends and colleagues.

Cisco Talos has updated their blog on the IOS-XE implant that caused a ruckus a couple of weeks ago. They now know it is still under active development: the Lua-based implant is called BadCandy and is already at version 3.0. Some of us would kill for that sort of release cycle! As before, fixed code is available for all impacted devices, but if you are struggling to make the upgrade happen, new curl commands are available to check for compromise.


Thwart APTs and unveil secrets with ATT&CK’s Threat Intelligence

As you saw in the previous post, ATT&CK is loaded with potential to hit a lot of use cases. Most CTI organizations are at least considering the use of ATT&CK to structure their reports and feeds. It provides analysts with a common language and structure. ATT&CK fosters better collaboration and easier consumption of the findings for all, including you and your tools.

Image: old-school picture of an OSS spy with his radio in the mountains, captioned “I’ve gotta get my inputs back to HQ before they publish ATT&CK v15!”

What is causing Mike’s Indigestion now? Ransomware is sooo last year (3 Nov 2023)

Good morning folks! I have some updates on the threat side of things that I think are interesting and might help in conversations with your friends and colleagues:

Ugh, Ransomware. Again.
