Threat Watch | Binary Defense - Ohio Press Releases

45 Press Releases
  • Published on July 16, 2024 - 14:09 GMT

    Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

    This post was written by John Dwyer, Director of Security Research at Binary Defense, and made possible through the contributions of TrustedSec Senior Research Analyst Kevin Haubris and Eric Gonzalez of Binary Defense. ARC Labs recently recovered a tool …

  • Published on June 11, 2024 - 15:21 GMT

    Cybersecurity Moneyball Part 1: Managed Deception for Easy Outs 

    In a previous blog, we discussed how the “businessification” of cybercrime has coalesced around tried and true tools, techniques, and procedures, giving us a solid understanding of how these attacks happen. Security product vendors have made massive …

  • Published on June 4, 2024 - 18:26 GMT

    Wineloader – Analysis of the Infection Chain

    By ARC Labs contributor Shannon Mong. ARC Labs recently analyzed a sample of the Wineloader backdoor for infection chain analysis and detection opportunities to help defenders protect their organizations. Through this analysis, ARC Labs is providing …

  • Published on May 21, 2024 - 16:07 GMT

    LetMeowIn – Analysis of a Credential Dumper

    By ARC Labs contributors John Dwyer and Harold Tabellion. In April 2024, security researcher Meowmycks released LetMeowIn, which was designed to harvest credentials from the LSASS process on Microsoft Windows systems. In this blog, ARC Labs will provide …

  • Published on April 23, 2024 - 21:13 GMT

    Communication is Key – Leveraging Business Frameworks to Develop a Detection and Response Strategy 

    Operating a business within the modern threat landscape can often appear like an impossible task. With a constant stream of new vulnerabilities, malware, and adversaries flowing, security leadership can often become overwhelmed and stuck in “analysis …

  • Published on April 16, 2024 - 16:02 GMT

    Diving into Hidden Scheduled Tasks 

    In April 2022, Microsoft released a report detailing how the “Tarrask” malware manipulated the Security Descriptor of Scheduled Tasks as a defense evasion technique to hide malicious scheduled tasks from discovery using traditional audit tools such as …

  • Published on April 11, 2024 - 18:58 GMT

    Sisense Data Compromise: ARC Labs Intelligence Flash

    ARC Labs and Binary Defense are actively monitoring a compromise of data associated with Sisense, a company that provides data analytics products and services. At this point, it is unknown if Sisense’s network was compromised, but independent researchers …

  • Published on April 9, 2024 - 17:57 GMT

    Analyzing CryptoJS Encrypted Phishing Attempt 

    ARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it. Analysis of the payload revealed heavily obfuscated HTML …

  • Published on April 4, 2024 - 15:34 GMT

    Qakbot Strikes Back: Understanding the Threat 

    New QakBot Campaign: Qakbot, also known as QBot, is a banking trojan and botnet that has been active since 2008. However, last year, the servers associated with Qakbot were taken down in a multinational law enforcement operation called Operation Duck Hunt …

  • Published on March 19, 2024 - 18:12 GMT

    MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

    Research and Analysis by Jace Walker (@jw4lsec), Threat Researcher at Binary Defense. An analysis conducted by Binary Defense has revealed valuable insights into the workings of MalSync malware, also known as the DuckTail PHP variant. The analysis covers …

  • Published on March 13, 2024 - 18:27 GMT

    MDR Metrics that Matter – From Analysts to the Board of Directors 

    Effective cybersecurity relies on selecting the right metrics to inform and guide decision-making, but determining the right metrics is not always clear. Metrics that matter are tailored to the needs of all stakeholders, from analysts to board members—and …

  • Published on February 20, 2024 - 15:51 GMT

    Incident Response – IR Planning & MDR Coordination  

    A robust IR plan ensures that an organization is prepared to respond swiftly and efficiently to potential threats. Coordinating IR planning with your Managed Detection and Response (MDR) partner is an essential component. Successful defense requires …

  • Published on January 11, 2024 - 15:35 GMT

    The Role of Deception Technology in Modern Cybersecurity

    The role of deception technology in modern cybersecurity is to turn the tables on cybercriminals, transforming networks from passive targets into active traps. Deception gives security teams the chance to use hackers’ own methods against them, as well as …

  • Published on December 20, 2023 - 14:56 GMT

    Demystifying Open XDR: What It Is, How to Do It, and ROI

    Open Extended Detection and Response (XDR) marks a paradigm shift in enterprise security, focusing on using comprehensive data insights to enhance threat detection and response across diverse systems and environments. This approach champions flexibility …

  • Published on December 6, 2023 - 17:58 GMT

    What Is Digital Risk Protection (DRP)?

    Digital risk protection is the strategy and implementation of protecting an organization’s data, reputation, and digital assets from online threats. DRP extends across visible, deep, and dark web environments to identify and mitigate risks that could …

  • Published on November 28, 2023 - 16:59 GMT

    Beyond Alerting: Finding Hidden Threats 

    Hypothesis-driven threat hunting is a tailored, proactive, and deeply analytical approach to cybersecurity. It leverages the acumen of seasoned security experts to predict and pre-empt potential attack vectors, delivering a dynamic and robust defense …

  • Published on November 14, 2023 - 17:15 GMT

    Running Malware Below the OS – The State of UEFI Firmware Exploitation

    By Adam Paulina, Threat Researcher Intern. Usually when we think of malware infections, we think of malicious programs running on top of the operating system, usually Windows. These programs might use techniques like privilege escalation, running in memory …

  • Published on November 9, 2023 - 15:16 GMT

    The Role of AI/ML in Security Operations

    By David Kennedy, Co-Founder & Chief Hacking Officer. In cybersecurity today, AI and ML are integral components driving change. While AI and ML-related marketing language might be running amok, the reality is that these technologies aren’t just …

  • Published on November 7, 2023 - 19:43 GMT

    Beyond Alerting: The Need for Behavior-Based Detection Strategy

    What Is Signature-Based Detection? Signature-based detection is a method used in cybersecurity to identify threats based on known attributes. In this model, specific atomic indicators such as file hashes, IP addresses, and domain names are extracted from …

  • Published on October 30, 2023 - 17:38 GMT

    Uncovering Adversarial LDAP Tradecraft

    A Write-Up by TrustedSec’s Research Lead Carlos Perez and Binary Defense’s Research Lead Jonathan Johnson. Introduction: While it is important to discover new tradecraft, it is equally important to explore well-established and widely used techniques. The …
