While it’s important for organizations to implement a threat hunting program as soon as possible, taking time to focus efforts can enable long-term success. Read More
After two months of inactivity following law enforcement actions, GOLD SOUTHFIELD resumed operations and released a new REvil version. The publication of a universal decryptor may help victims compromised prior to the shutdown. Read More
Any organization can be compromised by ransomware and other security incidents, regardless of size. It is important to prioritize security, and outside resources can help when money and skills are limited. Read More
A contrived penetration testing scenario explores how attackers could exploit Active Directory Federated Services via Golden SAML and provides context for two Secureworks penetration testing tools. Read More
Even if penetration testers are granted access that circumvents endpoint detections, countermeasures can detect their Cobalt Strike activity in the environment. Read More
TIN WOODLAWN used a customized version of Cobalt Strike to evade configuration-based detections, but a combination of strategic and tactical countermeasures identifies the activity. Read More
Countermeasures that detect malicious Cobalt Strike activity enabled a compromised organization to mitigate a GOLD LAGOON intrusion before the threat actors deployed ransomware. Read More
Secureworks incident responders investigated a long-running intrusion that involved compromises of SharePoint and Exchange servers and multiple web shells with links to Iranian threat groups. Read More
Leveraging a consistent set of tested principles increases the effectiveness and value of threat hunts, providing greater insight of the organization’s environment and improving subsequent detections of malicious activity. Read More
