The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you Contact us […]
Continue Reading-
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024 Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Qilin ransomware caught stealing credentials stored in Google Chrome
Familiar ransomware develops an appetite for passwords to third-party sites Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Don’t get Mad, get wise
The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
RD Web Access abuse: Fighting back
Investigation insights and recommendations from a recent welter of incident-response cases Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status
I am delighted to announce that the Sophos Incident Response service has been awarded U.K.’s National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 2 status by CREST. This […]
Continue Reading -
Extracting data from encrypted virtual disks: six methods
For incident responders, a variety of techniques for information retrieval from locked-up VMs Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024
The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage? Contact us today for more information about SOPHOS cyber […]
Continue Reading -
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground it when it goes wrong? An Active Adversary […]
Continue Reading -
Remote Desktop Protocol: Exposed RDP (is dangerous)
Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data […]
Continue Reading -
Remote Desktop Protocol: How to Use Time Zone Bias
Where in the world is your attacker? Presenting a less-known but useful event to look for in your logs Contact us today for more information about SOPHOS cyber security solutions
Continue Reading -
Remote Desktop Protocol: Queries for Investigation
How can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’ toolkits Contact us today for more information about SOPHOS cyber […]
Continue Reading -
Remote Desktop Protocol: Executing the 4624_4625 Login Query
Keeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay off on multiple fronts Contact us today for more information […]
Continue Reading -
Remote Desktop Protocol: Executing the External RDP Query
On the hunt for successful RDP connections that have entered your network from outside? A step-by-step guide (and a query to get you started) Contact us today for more information […]
Continue Reading -
The song remains the same: The 2023 Active Adversary Report for Security Practitioners
The remarkable decline in attacker dwell time is now well-documented, but what does that mean for those doing the hands-on work of infosecurity? Contact us today for more information about […]
Continue Reading -
Identifying Group Policy attacks
A threat hunt looks at three attacker changes to a compromised Active Directory, and explains how to both understand and overcome them Contact us today for more information about SOPHOS […]
Continue Reading
You must be logged in to post a comment.