Wojciech Cieślak (@bodziurity)'s Twitter Profile
Wojciech Cieślak

@bodziurity

Opinions are my own.

ID: 1386587292878393345

Joined: 26-04-2021 07:45:54

29 Tweets

59 Followers

45 Following

Wojciech Cieślak (@bodziurity):

Possibly good hunting/dfir artifact?🤔
Htm file dropped to Temporary Internet Files directory, VT Livehunt gives me solid results (running for 2 hr). 
#CVE202140444
Florian Roth ⚡️ (@cyb3rops):

Sigma rule to detect file creation pattern as noticed in CVE-2021-40444 exploitation 

Report by Ronny (@RonnyTNL)
x.com/RonnyTNL/statu…

Sysmon config change
github.com/Neo23x0/sysmon…

Sigma rule
github.com/SigmaHQ/sigma/…
Wojciech Lesicki (@wlesicki):

Interesting report about #cobaltstrike .
We have here both what techniques are used by threat actors, but also how to emulate them. And, of course, detect.
I’m very pleased that the Sigma (@sigma) rule created by Florian Roth ⚡️ (@cyb3rops) and me was mentioned.
The DFIR Report (@thedfirreport):

Cobalt Strike, a Defender's Guide - Part 2

➡️In this report we talk about domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more.

Big shout-out to Kostas (@Kostastsale) for helping put this together!

thedfirreport.com/2022/01/24/cob…
Vitali Kremez (@vk_intel):

One more down: 👇"bentley aka "Max Galochkin" aka "volhvb" aka Conti ransomware group technical lead - his unique alias "volhvb" logged into RaidCall via his own YouTube video  youtube.com/watch?v=K2OmGB…
➡️into alias "volhvb" in Conti chats
Wojciech Cieślak (@bodziurity):

This is a good #Shodan exercise and if you look closely you'll see that one of the TAs is a prankster. But the joke's on him, you can #Rickroll to find additional malicious infrastructure 🕺
x.com/MichalKoczwara…
Wojciech Cieślak (@bodziurity):

We just released a new research about #Rilide Stealer on #SpiderLabs Blog. It features new functionalities, adaptation to Google Chrome Manifest V3 and some interesting in the wild campaigns 🔥 trustwave.com/en-us/resource…