
Happy IR in the New Year!


    In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. It’s holiday season and it is our pleasure to share this script with you.


    Latest Articles


    • Online generators… of dashed expectations
      willie
      Quite recently, we started to designate an entire class of sites — gift card generators — as fraudulent, despite their not stealing any money or personal data from visitors. Why? Let's try to unpick these sites and see how they work.

      Today, 10:05
    • The return of Fantomas, or how we deciphered Cryakl
      willie
      This spring marked the fourth anniversary of the malware's first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved.

      17-07-2018, 13:10
    • In cryptoland, trust can be costly
      willie
      While the legal status of cryptocurrencies and laws to regulate them continue to be hammered out, scammers are busy exploiting the digital gold rush. Besides hacking cryptocurrency exchanges, exploiting smart-contract vulnerabilities, and deploying malicious miners, cybercriminals are also resorting to more traditional social-engineering methods that can reap millions of dollars.

      15-07-2018, 10:59
    • Coinvault, the court case
      willie
      Today, after almost 3 years of waiting, it was finally the day of the trial. In the Netherlands, where the whole case took place, the hearings are open to the public. Meaning anyone who is interested can visit. And it was quite busy.

      13-07-2018, 18:03
    • APT Trends Report Q2 2018
      willie
      These summaries are a representative snapshot of what has been discussed in greater detail in our private reports during Q2 2018. They aim to highlight the significant events and findings that we feel people should be aware of.

      11-07-2018, 10:36
    • To crypt, or to mine – that is the question
      willie
      Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. Now the criminals have decided to add a new feature to their creation – a mining capability.

      07-07-2018, 14:50