Persistence: The Art of Staying Hidden
In the world of ransomware, persistence is key. Once attackers gain access to a system, their goal is to maintain that access for as long...
top of page
-
Aug 203 min read
Dark Side of Scripting: How Ransomware Abuses Powerful Tools
Ransomware attacks have become increasingly sophisticated, leveraging every tool at their disposal to wreak havoc. Among these tools,...
24 views0 comments
-
Aug 194 min read
Ransomware Tactics: Leveraging Legitimate Tools and Advanced Techniques
Ransomware actors have increasingly shifted their tactics, techniques, and procedures (TTPs) to include the use of legitimate commercial...
33 views0 comments
-
Aug 184 min read
Understanding Infection Vectors in Ransomware Attacks
Ransomware attacks have become increasingly sophisticated, with threat actors leveraging various infection vectors to gain initial access...
27 views0 comments
-
Aug 172 min read
Enhancing Your Logging Capabilities with Sysmon for ransomware/Any type of attack
Why Sysmon? Sysmon provides detailed information about process creations, network connections, and changes to file creation time. This...
14 views0 comments
-
Aug 163 min read
Enhancing Windows Security with Log-MD
What is Log-MD? Log-MD is a security tool tailored for Windows systems. It audits log settings and advanced audit policy configurations,...
22 views0 comments
-
Aug 153 min read
Tools for Ransomware Analysis and Response
In the world of ransomware analysis and incident response, having the right tools at your disposal can make all the difference. Manual...
30 views0 comments
-
Aug 142 min read
Windows Environment Variables for Ransomware Analysis
Windows environment variables are one such critical component that forensic analysts must be familiar with. These variables function like...
28 views0 comments
-
Aug 132 min read
Ransomware Analysis: A Examiner’s Guide
When it comes to forensic analysis, Windows is an incredibly revealing operating system. It leaves behind numerous traces that can...
52 views0 comments
-
Aug 122 min read
Understanding Ransomware Hosting and Affiliate Programs
Ransomware attacks continue to evolve, and so do the tactics used by ransomware actors. One of the key components in their operations is...
26 views0 comments
-
Aug 104 min read
Running Plaso/Log2Timeline on Windows
In my previous blog, A Deep Dive into Plaso Log2Timeline Forensic Tools, I covered how to use Plaso Log2Timeline on Ubuntu and parse the...
74 views0 comments
-
Aug 92 min read
How Ransomware Operators Communicate and Share Data
The darknet is a hidden part of the internet where anonymity is paramount. It's a favorite spot for ransomware operators and other...
44 views0 comments
-
Aug 82 min read
Understanding the Ransomware Extortion Types, DLSs, Resources
Ransomware attacks are a major threat today, constantly evolving to keep victims under pressure. Types of Ransomware Extortion Data...
31 views0 comments
-
Aug 72 min read
Ever-Evolving World of Ransomware: Evolution Over Time
Ransomware is a constantly changing threat. It's like a game of whack-a-mole for researchers: as soon as you think you've understood one...
34 views0 comments
-
Aug 62 min read
Understanding Ransomware-as-a-Service (RaaS) Part 4: RaaS Dashboards and Darknet Marketplaces
Introduction Welcome back to our series on Ransomware-as-a-Service (RaaS)! In this post, we will explore RaaS dashboards and the role of...
31 views0 comments
-
Aug 52 min read
Understanding Ransomware-as-a-Service (RaaS) Part 3: Exploring Ransomware Builders
Introduction Welcome back to our series on Ransomware-as-a-Service (RaaS)!Today, we’re diving into the world of ransomware builders, the...
28 views0 comments
-
Aug 42 min read
Understanding Ransomware-as-a-Service (RaaS) Part 2: The Roles of Initial Access Brokers (IABs) and Ransomware Builders
Welcome back to our series on Ransomware-as-a-Service (RaaS)!. Today, we’re going to dig deeper into two key components: Initial Access...
27 views0 comments
-
Aug 32 min read
The Evolution of Ransomware: Understanding the Ransomware-as-a-Service (RaaS) Model
In our previous blog, we delved into the history and evolution of ransomware, from the AIDS Trojan to modern-day threats. Today, we turn...
23 views0 comments
-
Aug 23 min read
The Untold Origins and Evolution of Ransomware
Introduction Everyone knows what ransomware is and what it does, but only a few are aware of its origins and history. Over the next few...
34 views0 comments
-
Aug 13 min read
Rethinking Incident Response: From PICERL to DAIR
Incident Response (IR) is a critical component in the cybersecurity landscape, often abbreviated as PICERL, which stands for Preparation,...
139 views0 comments
bottom of page