Why your threat hunting program building shouldn’t stop once the engagement is over

September 14, 2021
By in Incident Response, Incident Response & Forensics, Threat Hunting

Let’s see, it looks like your organization just met an annual Threat Hunting assessment compliance requirement or achieved the introductory objective of experiencing a formal Threat Hunting assessment. Well done! Now, what should the organization take into consideration after successfully completing the assessment? Once a third-party Threat Hunting assessment concludes, many organizations may feel overwhelmed…

Read

Is Cyber Insurance Becoming Worthless?

August 17, 2021
By in Decision Making, Incident Response, Incident Response & Forensics, Leadership, Remediation Assistance & Training, Security Remediation

New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game An overlooked yet the increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber insurance. We continue to see organizations hit with ransomware from a variety of vectors, including spam emails, drive-by downloads,…

Read

The Backup Paradigm Shift: Moving Toward Attack Response Systems

June 15, 2021
By in Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Incident Response & Forensics, Malware Analysis, Program Assessment & Compliance, Security Program Assessment, Security Testing & Analysis, Virtual CISO

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Read

TrustedSec Incident Response Team Slack AMA 02.17.2021

March 16, 2021
By in Incident Response, Incident Response & Forensics, Threat Hunting

On February 17, 2021 TrustedSec hosted an ‘Ask Me Anything’ on our Slack Workplace with TrustedSec’s Incident Response Team. Many great questions were asked and lots of information exchanged that we didn’t want to get lost with time, so we’ve put together this blog with questions and the conversation that blossomed from them. Please note:…

Read

New Service Launched in Response to Hafnium Attacks

March 10, 2021
By in Incident Response, Incident Response & Forensics

Over the last several days, many organizations have been affected by the Microsoft Exchange Hafnium attacks. As a result, TrustedSec’s Incident Response team has gained a lot of experience in a very short time on how to respond to these attacks and what to look for. Many of the compromised servers we have examined were…

Read

Who Left the Backdoor Open? Using Startupinfo for the Win

February 18, 2021
By in Incident Response, Incident Response & Forensics, Table-Top Exercises, Technical Counter Surveillance Measures, Threat Hunting

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…

Read

RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry

January 14, 2021
By in Incident Response, Incident Response & Forensics

Nearly three weeks after news regarding the widespread compromise of SolarWinds Orion customers became public, TrustedSec continues to receive inquiries from clients seeking more granular detail about the nature of the compromise. In most cases, clients have received a list of command and control (C2) domains from a major vendor and require assistance in investigating…

Read

SolarWinds Backdoor (Sunburst) Incident Response Playbook

December 17, 2020
By in Incident Response, Incident Response & Forensics, Research, Security Remediation, Security Testing & Analysis, Technical Counter Surveillance Measures, Threat Hunting

Over the last several days, TrustedSec has received queries on the best ways to contain, eradicate, and remediate the SolarWinds backdoor (aka #solarigate aka Sunburst). The TrustedSec Incident Response team has put together a playbook of recommended actions to provide some level of assurance that your organization is no longer affected by the backdoor. This…

Read

SolarWinds Orion and UNC2452 – Summary and Recommendations

December 14, 2020
By in Incident Response, Incident Response & Forensics

In the wake of recent revelations regarding a supply chain compromise of the SolarWinds Orion platform by a nation-state actor, and subsequent targeting of private sector and government organizations by said actor, the TrustedSec Incident Response team is releasing the following summary and guidance. This guidance reflects information from industry counterparts as well as recommendations…

Read

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

October 27, 2020
By in Active Directory Security Review, Incident Response, Incident Response & Forensics, Penetration Testing, Program Assessment & Compliance, Purple Team Adversarial Detection & Countermeasures, Security Testing & Analysis, Threat Hunting

They say, “Everything old is new again.” Or, if you are a Game of Thrones fan, “What is dead may never die.” For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.” Enter NetSync… I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). Anytime…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form