Stories from the SOC - Sowing the Seeds of Cybercrime: The Credential Harvester
August 08, 2024 | Sean Shirley
Business Email Compromise (BEC): Tracking a Threat Actor’s Funny Business
June 24, 2024 | Michael Venturella
Executive Summary In a recent LevelBlue incident response engagement, an ...
Stories from the SOC – Combating “Security Alert” Scams
May 01, 2024 | Jesse Rodriguez
Executive Summary The “Security Alert” scam is a prevalent tech-support fraud ...
DarkGate malware delivered via Microsoft Teams - detection and response
January 30, 2024 | Peter Boyle
Executive summary While most end users are well-acquainted with the dangers of ...
Stories from the SOC: BlackCat on the prowl
January 11, 2024 | James Rodriguez
This blog was co-authored with Josue Gomez and Ofer Caspi.
Stories from the SOC: Something smells phishy
January 09, 2024 | Michael Venturella
Executive summary In the current cyber landscape, adversaries commonly employ ...
Stories from the SOC: Proactive steps to protect customers from misconfigured MFA
November 16, 2023 | Julius Charles
Executive summary Multifactor authentication, or MFA, provides users with an ...
Stories from the SOC: Quishing – Combatting embedded malicious QR codes
October 10, 2023 | James Rodriguez
James Rodriguez – Senior Specialist, Cybersecurity
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware
August 16, 2023 | Jacob Marabelli
Executive summary On April 21st, 2023, LevelBlue Managed Extended Detection and ...
Stories from the SOC: Fighting back against credential harvesting with ProofPoint
June 29, 2023 | Emine Akbulut
Executive summary Credential harvesting is a technique that hackers use to gain ...
Stories from the SOC - The case for human response actions
February 23, 2023 | Edwardo Rodriguez
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - RapperBot, Mirai Botnet - C2, CDIR Drop over SSH
January 31, 2023 | Emine Akbulut
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC – Phishing for credentials
November 21, 2022 | Franklin Calderon
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC: Fortinet authentication bypass observed in the wild
November 14, 2022 | Amer Amer
Executive summary: Fortinet’s newest vulnerability, CVE-2022-40684, allowing ...
Stories from the SOC: Feeling so foolish – SocGholish drive by compromise
October 17, 2022 | Ken Ng
Executive summary: SocGholish, also known as FakeUpdate, is a JavaScript ...
Stories from the SOC - C2 over Port 22
September 28, 2022 | Aaron Trofman
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC – Credential compromise and the importance of MFA
August 08, 2022 | Evan Carey
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Detecting internal reconnaissance
June 27, 2022 | Nathan Vail
Stories from the SOC is a blog series that describes recent real-world security ...
Suspicious behavior: OTX Indicator of Compromise - Detection & response
May 25, 2022 | Julius Charles
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Persistent malware
May 16, 2022 | Adam Vertuca
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Command and Control
May 09, 2022 | Robert Dean
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Lateral movement using default accounts
April 19, 2022 | Robert Dean
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - WannaCry malware
January 31, 2022 | Ian Schlesinger
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Inactive Account Exploitation
January 24, 2022 | Alex Galindo
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Powershell, Proxyshell, Conti TTPs OH MY!
November 10, 2021 | Josh Gomez
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - Data exfiltration
October 11, 2021 | Julius Charles
Stories from the SOC is a blog series that describes recent real-world security ...
Stories from the SOC - SolarWinds Sunburst attack with malicious file
August 25, 2021 | Kristen Perreault
Stories from the SOC is a blog series that describes recent real-world security ...