Any organization can be compromised by ransomware and other security incidents, regardless of size. It is important to prioritize security, and outside resources can help when money and skills are limited. Read More
A contrived penetration testing scenario explores how attackers could exploit Active Directory Federated Services via Golden SAML and provides context for two Secureworks penetration testing tools. Read More
Even if penetration testers are granted access that circumvents endpoint detections, countermeasures can detect their Cobalt Strike activity in the environment. Read More
TIN WOODLAWN used a customized version of Cobalt Strike to evade configuration-based detections, but a combination of strategic and tactical countermeasures identifies the activity. Read More
Countermeasures that detect malicious Cobalt Strike activity enabled a compromised organization to mitigate a GOLD LAGOON intrusion before the threat actors deployed ransomware. Read More
Secureworks incident responders investigated a long-running intrusion that involved compromises of SharePoint and Exchange servers and multiple web shells with links to Iranian threat groups. Read More
Leveraging a consistent set of tested principles increases the effectiveness and value of threat hunts, providing greater insight of the organization’s environment and improving subsequent detections of malicious activity. Read More
Commonalities revealed during multiple Secureworks incident response engagements provided insights into the GOLD WINTER threat group’s tactics, techniques, and procedures. Read More
Threat actors can abuse legitimate and even verified OAuth applications to conduct phishing attacks. Secureworks has developed the PhishInSuits tool to enable organizations to simulate these attacks and improve defenses. Read More
