Decoding Cobalt Strike Traffic, (Sun, Apr 18th)

In diary entry "Example of Cleartext Cobalt Strike Traffic (Thanks Brad)" I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike. This weekend I carried on with the analysis of that traffic, you can see my findings in […]

Continue Reading

Week in review: New DNS vulnerabilities, benefits of cyber threat intelligence, FBI removes web shells

Here’s an overview of some of last week’s most interesting news, articles and podcast: New DNS vulnerabilities have the potential to impact millions of devices Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. FBI removes web shells from hacked Microsoft Exchange servers Authorities have executed a court-authorized […]

Continue Reading

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, […]

Continue Reading

What are the different roles within cybersecurity?

People talk about the cybersecurity job market like it’s a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, […]

Continue Reading

Attack on Codecov Affects Customers

Company Warns Clients’ Information May Have Been ExfiltratedCodecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers’ information. Source: Bank Info Security

Continue Reading