On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication, there is no associated CVE or CVS score. This post will describe the rese

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period. Data provided in this report comes from our daily interactions with o

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Con

Within the first two installments of this series, we identified the key to successful incident preparation starts with making sure a solid incident triage process is in place, centralized analysis documentation is created, and the incident communication cadence has been solidified. This, in conjunction with a well-oiled rapid triage Windows artifact processi

In Part 1 of this series, we identified that there are three (3) key parts to successful incident preparation: ensuring that a solid incident triage process is in place, creating centralized analysis documentation, and solidifying incident communication. In Part 2 of this series, I will delve into the process of thoroughly evaluating the incident, explore

In this series, I will be discussing how to handle an incident with the speed and precision of a DFIR warrior. With a rapid triage mindset, you’ll be able to assess the situation quickly and efficiently, just like a Jiu-Jitsu practitioner sizing up their opponent before delivering a devastating submission. You will have the tools to identify the type a

In the evolution of cybersecurity, the threat landscape is ever-changing while the line of defense is ever-shrinking. Security professionals started with securing the perimeters, but now we need to assume a breach in a zero-trust environment. However, providing intelligence to help users stay ahead of threats becomes a challenge when that information is ove

Introduction People have asked numerous times on Twitter, LinkedIn, Discord, and Slack, “Leo, how do I get into Detection Engineering?” In this blog, I will highlight my unique experience, some learning resources you might want to get your hands on (all free or low cost), and extras that have helped me overall. I’m currently a Senior Detection En

In today’s fast-paced and interconnected world, the threat of cyber-attacks and data breaches has become increasingly prevalent. As a result, it’s crucial for organizations to have a solid incident response plan in place to effectively and efficiently respond to security incidents. Incident response planning involves creating a framework and p

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored by the security operations team.” Gartner identifies a SOAR platform’s

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and

What is an SBOM? A Software Bill of Materials (SBOM) is a hierarchical, itemized list of all dependencies, their version numbers and provenance for a given piece of software. It may also include other data, such as the license type or details about which database to query for vulnerability disclosure. SBOMs are not restricted to applications and c

Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit in the best way. This paper aims to provide guidance for orga

The security operations center (SOC) plays a critical role in protecting an organization’s assets and reputation by identifying, analyzing, and responding to cyberthreats in a timely and effective manner. Additionally, SOCs also help to improve overall security posture by providing add-on services like vulnerability identification, inventory tracking,

An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner. Such playbooks help optimize the SOC processes, and are a maj