CharCNNs and PowerShell Scripts: Yet Another Fight Against Malware
Malware in the Scripting Landscape: Scripting is a well-known means of spreading malware. Easy to write and often difficult for…
Staying Off the Land: A Threat Actor Methodology
With offense-focused methodologies being created around “living off the land” and “bring your own land,” we would like to cover…
CrowdStrike Falcon Dominance Evident in MITRE ATT&CK Evaluation With 100% Detection Across All 19 Attack Phases
This week marks the release of results from the second iteration of MITRE’s recurring ATT&CK Evaluation program, and I could…
Exploiting GlobalProtect for Privilege Escalation, Part Two: Linux and macOS
This is the second blog in a two-part series covering the exploitation of the Palo Alto Networks GlobalProtect VPN client…
Exploiting GlobalProtect for Privilege Escalation, Part One: Windows
The CrowdStrike® Intelligence Advanced Research Team discovered two distinct vulnerabilities in the Windows, Linux and macOS versions of the Palo…
Malspam in the Time of COVID-19
As the new coronavirus, COVID-19, spreads around the planet, many people are filled with emotions like fear, uncertainty and hope…
Online Learning: Staying Ahead of Cyber Threats Anytime and Anywhere
While COVID-19 is requiring many people to remain at home, cyber threats are continuing — and even escalating as adversaries…
Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques
Since at least 2018, criminal actors have been conducting big game hunting (BGH) campaigns, deploying ransomware on a targeted scale…
Threat Hunting Uncovers More Intrusions Against Healthcare in Midst of COVID-19 Pandemic
In recent weeks and months, the world has witnessed the global COVID-19 pandemic place unprecedented pressure on the healthcare system…
Why You Should Self-Isolate but Your IT Infrastructure Should Not
The term “social distancing” has swept across the world. It is an incredibly important response measure during a pandemic. The…