No Need to Panic: The Linux Kernel Panic CrowdStrike Issue (pinned)
For about a week, I've noticed a sub-topic trend in the news articles and discussions regarding CrowdStrike's infamous Blue Screen of Death…
Jul 30

Part-time Threat Hunting: Considering its Efficacy
This article is my response to two excellent blog posts by the CrowdStrike OverWatch team making the case against part-time threat hunting…
Jan 4, 2023

QakBot Hunting: Autumn Spice
Autumn marks the beginning of the return of many familiar experiences. Familiar Halloween movies return to the screen; charming Fall time…
Oct 4, 2022

QakBot Detection: DUCK HUNT Part 2 — The .LNK
As promised in Part 1 of QakBot Detection: DUCK HUNT, we have a few more concepts to examine regarding the QakBot malware. In Part 1, we…
Jul 13, 2022

Prophet Spider Exploits Citrix ShareFile to Deploy Webshell
The adversary group nicknamed Prophet Spider by CrowdStrike has chosen a new vulnerability to include in its exploitation tool kit. This…
Mar 18, 2022

What do we actually know about the Darkside Ransomware operators?
You have likely heard a great deal about attacks on U.S. companies from Russian hacking groups, such as Darkside's attack on Colonial…
Jun 7, 2021

GitHub Actions Abuse by Cryptominers
Adversaries are abusing GitHub Actions to run known cryptominers. GitHub Actions is a CI/CD solution to run scheduled tasks and provide…
Apr 5, 2021