Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

July 7, 2020

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video is…

Are You Looking for Ants or Termites?

July 1, 2020

Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to…

Adventures in Phishing Email Analysis

June 18, 2020

Opening Phishing attacks are a daily threat to all organizations and unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized…

Attacks on the Rise Through Office 365

September 17, 2019

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

Indicators of Compromise – Hunting for Meaning (Part 2)

April 11, 2019

In part one of this blog post series, we briefly looked at why IoC threat data enrichment is important, the value of knowing who your enemy is, and the process of turning threat data into threat intelligence. If you haven’t had a chance to read the first part of this series, take a few minutes…

Indicators of Compromise – Hunting for Meaning (Part 1)

April 9, 2019

By the time an Incident Response consultant is contacted, the security event in question is already in motion. So, the goals become: rapid triage, assisting in identifying the related threat risks, and making every effort to identify the threat actors involved. Attribution is very difficult when dealing with seasoned and well-funded threat actors, but it…

Adventures of an RDP Honeypot – Part Three: Creation of an RDP Honeypot

February 1, 2019

Welcome to the third and final part of the blog series on the RDP honeypot that I set up. The first part took a look at RDP and how it can be better secured, while the second post analyzed what the attackers did once they got into the honeypot. In this post I’ll talk about…

Adventures of an RDP Honeypot – Part Two: Know Your Enemy

January 28, 2019

Welcome to part two of the three-part series on the Remote Desktop Protocol (RDP) honeypot I set up. In the first post, I discussed ways that RDP can be configured to be more secure (and how you should NEVER put it on the Internet). In this part, I’ll talk about what happened when my honeypot…

Adventures of an RDP Honeypot – Part One: RDP Security

January 25, 2019

Over the last several months, TrustedSec has noticed a common thread in the root cause of incidents we’ve investigated: Microsoft Remote Desktop Protocol (RDP) open to the Internet. RDP on the Internet is a very bad idea. Attackers are constantly searching for, and breaking into, systems set up in this way. Once in, they can…

Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox

May 29, 2018

For quick access to the repo, click here. This post will be on how to set up and modify Cuckoo to work with a non-supported hypervisor, Proxmox. “Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and…
