While most of us celebrate Labor Day let's all try to take a moment to remember those who don't get to spend time with their loved ones today, wherever they may be and whatever they may be doing!

I don't know how this report slid under my radar but the ESET researched team unveil a "Marioesque" themed adversary, #MoustachedBouncer! They are a cyberespionage group that targets foreign embassies in Belarus with the use of their ISP level access and their tools #NightClub and #Disco. Using their (assumed) unique level of access, they compromise their targets by redirecting them to a fake #Microsoft update site which loads JavaScript code then leads to a zip file being downloaded. The team wasn't able to get the zip file, but they were still able to identify some TTPs and #LOLBINS abuse, such as creating a malicious scheduled task. I hope you enjoy and Happy Hunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #LaborDay

Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but it provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday

Shout out to Malwarebytes Labs team for this #readoftheday! I am a huge fan of anything Living-off-the-land binaries (#LOLBINS) and I this article provides a great description of what they are and how #filelessattacks compare and contrast. Enjoy and Happy Hunting!

Fileless attacks: How attackers evade traditional AV and how to stop them
https://www.malwarebytes.com/blog/business/2023/04/fileless-attacks-how-attackers-evade-traditional-av-and-how-to-stop-them

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Happy Monday everyone! Today's #readoftheday focuses on a recently discovered ransomware strain that exhibits some behaviors that have allowed it to fly under the radar of researchers. The #BabLock, or also known as #Rorschach by Check Point Software Technologies Ltd, exploits CVEs and some living-off-the-land (#LOLBINs) to accomplish their goals. Check out the article by Group-IB for the rest of the details! Happy Hunting!

The old way: BabLock, new ransomware quietly cruising around Europe, Middle East, and Asia
https://www.group-ib.com/blog/bablock-ransomware/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

If you caught today's #WhattheVuln episode featuring Carlos Yanez discussing Zimbra #security, be sure to check out his write-up on the topic, too! https://bfx.social/3lUL75U

Next month we're back with Lindsay Von Tish and Allan Cecil to talk about #EDR bypassing with #LoLBins.

What does a targeted attack look like? This one begins with #BlackCat finding a weak link to infiltrate the network, pivoting using #LOLBins then using #ExMatter for data exfiltration. #Ransomware https://www.netskope.com/blog/blackcat-ransomware-tactics-and-techniques-from-a-targeted-attack

#WindowsUpdate : vulnérabilité découverte dans les fichiers originels permettant d’introduire des #malwares !

https://blog.sosordi.net/2020/10/windows-update-vulnerabilite-decouverte-dans-les-fichiers-originels-permettant-dintroduire-des-malware-lol.html

#securite #LOLBins

Building a bypass with MSBuild - NEWS SUMMARYLiving-off-the-land binaries (LoLBins) continue to pose a risk to security defenders.We ... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/og5Kb6TOJA0/building-bypass-with-msbuild.html #livingofftheland #threatresearch #silenttrinity #cobaltstrike #meterpreter #covenant #mimikatz #lolbins #malware #msbuild