Advanced hunting

Motivated miners

In recent months, multiple security vendors published articles about “motivated miners”—attackers who take advantage of tools, techniques, and procedures (TTPs) developed by advanced threat actors…

Read more

Microsoft Defender Advanced Threat Protection

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects…

Read more

CVE-2018-15982 exploit attacks

In late November 2018, a targeted attack against a medical institution in Russia exploited CVE-2018-15982, a zero-day remote code execution vulnerability in Adobe Flash Player. Adobe…

Read more

Windows 7 zero-day for CVE-2019-0808

Researchers from Google's Threat Analysis Group notified Microsoft that they discovered evidence of a zero-day exploit active in the wild since late February 2019. The…

Read more

BARIUM targets gaming supply chains

Enterprise security personnel often assume that legitimate software products are inherently trustworthy. If an attacker takes over a legitimate app or service, they gain a…

Read more

ShadowHammer supply chain attack

The software supply chain continues to be a popular channel for launching attacks. Publicly available reports indicate that attackers have reached a large number of devices through…

Read more

WinRAR CVE-2018-20250 exploit

On February 20, 2019, researchers from Check Point Software Technologies revealed a flaw in WinRAR, a popular third-party compression app. The flaw (CVE-2018-20250) had existed…

Read more

SQL Server abuse

Attacks involving SQL Server can be difficult to respond to because SQL Server comes with vast array of tools for automation, scheduling, and data import…

Read more

Msiexec abuse

Attackers are opportunistic in that they will operate with any available tools and resources, resulting in overlapping tactics, techniques, and procedures (TTPs). Many well-known, highly…

Read more