The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage? Contact us today for more information about SOPHOS cyber […]
Remote Desktop Protocol: The Series
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary […]
Remote Desktop Protocol: Exposed RDP (is dangerous)
Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data […]
Remote Desktop Protocol: How to Use Time Zone Bias
Where in the world is your attacker? Presenting a less-known but useful event to look for in your logs
Remote Desktop Protocol: Queries for Investigation
How can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’ toolkits
Remote Desktop Protocol: Executing the 4624_4625 Login Query
Keeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay off on multiple fronts
Remote Desktop Protocol: Executing the External RDP Query
On the hunt for successful RDP connections that have entered your network from outside? A step-by-step guide (and a query to get you started)
The song remains the same: The 2023 Active Adversary Report for Security Practitioners
The remarkable decline in attacker dwell time is now well-documented, but what does that mean for those doing the hands-on work of infosecurity?
Identifying Group Policy attacks
A threat hunt looks at three attacker changes to a compromised Active Directory, and explains how to both understand and overcome them
Introducing the Sophos Incident Response Services Retainer
An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
A deep dive into incident-response cases from the first half of this year finds both attackers and defenders picking up the pace
Understanding the New SEC Cybersecurity Rules: A Guide for Executives
The new SEC cybersecurity rules significantly enhance disclosure requirements, emphasize the board’s role in risk management, and introduce a stringent four-day reporting timeline, necessitating that public companies bolster their cybersecurity […]
Akira Ransomware is “bringin’ 1988 back”
A new recently observed ransomware family dubbed Akira uses a retro aesthetic on their victim site very reminiscent of the 1980s green screen consoles and possibly takes its namesake from […]
Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders
A deep dive into over 150 incident-response cases reveals both attackers and defenders picking up the pace
Rapid Response: The Ngrok Incident Guide
Ngrok is a legitimate remote-access tool. It is regularly abused by attackers, who use its capabilities and reputation to maneuver while bypassing network protections. This incident guide shows Security Operations […]