threat intelligence Collection through Correlation: Operationalizing IP and Domain Indicators of Compromise IP addresses and domains aren’t just for blocklists; when analyzed with the right tools, they can be operationalized to enrich alerts, support threat hunting, and uncover risk.
threat intelligence Albabat 2.0.0 Decoded: A Config-Driven Design This blog analyzes Albabat ransomware, exploring its config file, executed ransomware commands, and ransom note.
malware Rilide - An Information Stealing Browser Extension Learn about the information stealing browser extension Rilide, its delivery methods, and intrusion chain.
threat intelligence Compromised Browser Extensions - A Growing Threat Vector Learn how threat actors leverage browser extensions as an attack vector, including examples for Cyberhaven and GraphQL Network Inspector.
threat intelligence Featured Assemblyline 101 - Open Source Malware Triage Learn how to install and use Assemblyline, the open-source malware triage tool. This 101 includes an overview, deployment walkthrough, example use case, and resources.
threat intelligence Leveraging Threat Intelligence in Security Operations Explore the essential role of Cyber Threat Intelligence (CTI) in understanding and mitigating cybersecurity threats - detailing its types, processes, and effective implementation in enhancing security operations and incident response.
threat intelligence Cronus: Ransomware Threatening Bodily Harm This technical research analyzes Cronus Ransomware. We examine how the ransomware encrypts files, establishes persistence, and deviates from other ransom notes.
threat intelligence CrowdStrike BSOD Outage: What We Know What we know about the CrowdStrike BSOD outage.
threat intelligence Phishing Kits 101 & V3B Phishing Kit Phishing kits are "as-a-service" tools that help threat actors rapidly deploy phishing pages and campaigns. This blog examines key components, how they work, helpful resources, and a dive into the V3B phishing kit.
threat intelligence Sharing, Compared Part 4: Where Do We Go From Here? Quantitative and qualitative insights inform our roadmap and best practices to achieve success in CTI networking.
malware Latrodectus Loader This research examines the distribution mechanisms, C2 traffic patterns, and functionality of Latrodectus loader.
threat intelligence Sharing, Compared Part 3: How Can We Improve? In part 3, we examine the challenges, organizational context, and issues with methods used for cyber threat intelligence sharing.
threat intelligence Sharing, Compared Part 2: Where Do We Share? In part 2 of this series, discover where practitioners share during CTI collaboration - from peer to peer trust groups to paid memberships.
threat intelligence Featured Tool Guide: CyberChef 101 Learn how to use the versatile, open source utility CyberChef. This 101 includes an overview, operations, real-world walkthrough, and resources.
threat intelligence Sharing, Compared Part 1: How and Why Do We Connect? In the first of our four-part series, learn why practitioners prioritize human-to-human sharing and its benefits.
threat intelligence Balada Injector Dive into how Balada exploits vulnerabilities within WordPress plugins. This research blog analyzes how Balada injects malicious code and the functionality of the scripts used in the campaign.
threat intelligence CTI Networking Report 2024 "Sharing, Compared: A Study on the Changing Landscape of CTI Networking" is now available online.
threat intelligence PikaBot Rising Dive into the distribution methods and capabilities of Pikabot, a loader that has been growing in prevalence since early 2023.
pulsedive 2023 In Review Here's our 2023 roundup of cyber threat intelligence news: key exploited vulnerabilities, ransomware, and Pulsedive updates over the last year.
threat intelligence Analyzing DarkGate Loaders This blog examines three different loader types used in recent DarkGate infections.
threat intelligence Analyzing Agniane Stealer Agniane is an emerging infostealer identified in August 2023. Dive into how Agniane collects data, evades analysis, and expands operations in this blog.
malware Identifying Mystic Stealer Control Panels Learn how to research and identify control panels for Mystic Stealer, an information stealer that appeared on underground markets in April 2023.
malware Akira Ransomware Akira is an emergent ransomware group that has been active since April 2023, targeting small to medium organizations. Here's what you need to know.
threat intelligence Better Together: The Best Cyber Threat Intelligence Events Our roundup of the best cyber threat intelligence events you won't want to miss.
