DNSForge – Responding with Force
September 09, 2024 | Apurva Goenka
Introducing DNSForge, a novel attacker tactic for responding to name resolution ...
Exposed and Encrypted: Inside a Mallox Ransomware Attack
August 27, 2024 | Bernard Bautista
Recently, a client enlisted the support of Trustwave to investigate an ...
Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01
July 15, 2024
The Trustwave SpiderLabs Threat Intelligence team's ongoing study into how ...
Search & Spoof: Abuse of Windows Search to Redirect to Malware
June 11, 2024 | Bernard Bautista
LevelBlue SpiderLabs has detected a sophisticated malware campaign that ...
Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
June 05, 2024 | Rodel Mendrez
During a recent client investigation, Trustwave SpiderLabs found a malicious ...
Fake Dialog Boxes to Make Malware More Convincing
April 17, 2024 | Ram Prakash
Let’s explore how SpiderLabs created and incorporated user prompts, ...
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway
April 12, 2024
UPDATE: Palo Alto Networks confirmed on Tuesday (4/16) that disabling device ...
DUALITY: Advanced Red Team Persistence Through Self-Reinfecting DLL Backdoors for Unyielding Control
February 12, 2024 | Faisal Tameesh
This blog post introduces the concept of DUALITY, which is a methodology and ...
Dissection Of Makop Ransomware Group
February 05, 2024 | Aishwarya Desai
This blog post outlines attack patterns identified across Makop ransomware ...
A SIMple Attack: A Look into Recent SIM Swap Attack Trends
October 14, 2023 | Natasha Vij and Victoria Nyktas
Stroz Friedberg has observed an uptick in SIM swapping across multiple ...
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing
September 20, 2023 | Stroz Friedberg DFIR
This client advisory provides an overview of techniques and tactics attributed ...
The Evolution of Phishing Campaigns
September 11, 2023 | Rachel Kang
In 2022, phishing was responsible for more than half of the incidents ...
Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report
July 13, 2023 | SpiderLabs Researcher
In their latest report titled "Cybersecurity in the Healthcare Industry: ...
Bypassing MFA: A Forensic Look at Evilginx2 Phishing Kit
February 10, 2023 | Carly Battaile
Recently, Stroz Friedberg Incident Response Services encountered an increase in ...
Yours Truly, Signed AV Driver: Weaponizing an Antivirus Driver
February 26, 2022 | Eduardo Mattos and Rob Homewood
In 2021, Stroz Friedberg observed novel indicators of compromise (IOCs) and a ...
Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities
December 10, 2021 | SpiderLabs Researcher
Updates: Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, ...
Cloudy with a Chance of Persistent Email Access
January 29, 2021 | Partha Alwar and Carly Battaile
How an advanced threat group leveraged Microsoft Azure to gain persistent ...
APT X – Process Hollowing
January 27, 2021 | Faisal Tameesh
A detailed walkthrough of the process hollowing injection technique.
See ya in S3!
November 14, 2020 | Mary Braden Murphy
Stroz Friedberg has unique insight on how attackers attempt to cover their ...
Into Defray
October 08, 2020 | Daniel Spicer
Stroz Friedberg provides a look into the techniques and patterns of the ...
Close, but no Ragnar
August 19, 2020 | Daniel Spicer and Partha Alwar
Stroz Friedberg Incident Response Services has observed Ragnar Locker use ...
Copy-Paste Threat Actor in the Asia Pacific Region
June 19, 2020 | Reegun Jayapaul
Summary: Australian Prime Minister Scott Morrison ...
Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise
July 11, 2019 | Adrian Pruteanu
If you've traveled at all within North America, you've likely at some point ...
Wowza Streaming Engine Manager Directory Traversal And Local File Inclusion
February 11, 2019 | Sean Melia
CVE-2018-19365: Root local file inclusion in Wowza SRM 4.7.4.01.
SSH Weak Diffie-Hellman Group Identification Tool
August 03, 2015 | Fabian Foerg
Check SSH servers for weak Diffie-Hellman key exchange configurations.