Impacket is a collection of Python-based scripts designed for manipulating network protocols and exploiting Windows services. It contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks.  Although Red teamers use Impacket for authorized testing, threat actors frequently misuse it for lateral movement, privilege escalation, and data exfiltration […]

The Sosano backdoor emerged in late 2024 as a stealthy malware strain. It was used in a highly targeted campaign against organizations in critical sectors, including aviation, satellite communications, and transportation infrastructure. What sets the Sosano backdoor apart is its use of polyglot files – a rare and sophisticated technique that allows malware to masquerade […]

Cloud native security involves the practices and tools used to protect applications and infrastructures built in cloud-native technologies like microservices, containers, and orchestrators. Continuous monitoring and real-time threat detection are required to identify and mitigate unauthorized activities within cloud-native environments. By observing system behavior at runtime, security tools can detect security violations and respond to […]

Detecting data exfiltration is an important aspect of maintaining cybersecurity, especially when attackers leverage native system tools to evade detection. This technique, known as Living Off the Land (LOTL), involves the misuse of legitimate utilities in the operating system, making malicious activities blend with normal operations. Advanced Persistent Threat (APT) groups commonly use LOTL techniques, […]

Peaklight malware is an information stealer designed to collect sensitive data from compromised endpoints. It is frequently distributed through underground channels and, in some cases, offered as a Malware-as-a-Service (MaaS). Its flexible structure and frequent updates make it a continuously evolving and potent threat, capable of bypassing conventional security measures. Peaklight leverages multiple anti-analysis mechanisms […]

Maintaining the security of containerized environments is an important part of modern IT infrastructure. Vulnerabilities in container images and runtime environments expose organizations to significant risks, which makes proactive vulnerability scanning an essential practice. Trivy is an open source vulnerability scanner designed for containers, filesystems, and software dependencies. It supports a range of targets including […]

Lynx ransomware is a sophisticated malware threat that has been active since mid-2024, with over 20 victims across various industries. It primarily targets Windows operating systems, encrypting files using the Advanced Encryption Standard (AES) with a 128-bit key in CTR mode, and employs double extortion, threatening to leak stolen data. Operated by the Lynx ransomware […]

Organizations face challenges connecting Cyber Threat Intelligence (CTI) and Digital Forensics and Incident Response (DFIR) efforts. Effective collaboration between these domains is necessary for addressing threats proactively and efficiently. Yeti (Your Everyday Threat Intelligence) is an open source Forensics Intelligence platform that helps bridge the gap between CTI and DFIR efforts. It provides DFIR teams […]

Brain Cipher is a ransomware strain that surfaced in the middle of 2024, rapidly making its presence felt across various sectors worldwide. Its popularity skyrocketed following a high-profile attack on Indonesia’s National Data Center, which disrupted over 200 government agencies and critical public services, including immigration systems. Built on the leaked LockBit 3.0 builder, Brain […]