New Era of Phishing Payloads
mark of the web
Post the Office macros deprecation, a new malware delivery method is on the rise. Container file formats like ISOs/RARs/ZIPs and LNKs/DLLs can bypass ..
Fri Aug 5, 2022
Latest from FourCore
Manipulating Windows Tokens with Go
Windows Tokens are used for authentication and assigning privileges to windows programs. Understanding token manipulation is essential to detect malic..
Wed Jul 27, 2022
Top 10 Awesome Open-Source Adversary Simulation Tools
Breach and Attack Simulation (BAS) also known as Adversary Simulation is an emerging IT security technology equipping the proactive approach to the wa..
Sun Jul 24, 2022
Genesis - The Birth of a Windows Process (Part 2)
What happens when you run an executable on your Windows machine? In this second and final part of the series, we will go through the exact flow Create..
Sat July 16, 2022
Genesis - The Birth of a Windows Process (Part 1)
What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the ..
Wed July 13, 2022
Raspberry Robin Worm infecting hundreds of Windows networks - Detection Sigma Rules
First spotted by the Red Canary intelligence team in Sept 2021, Raspberry Robin spreads via USB and Microsoft has discovered it to compromise hundreds..
Mon Jul 5, 2022
Jenkins discloses zero-day vulnerabilities affecting dozens of plugins
If you are a user of Jenkins, go patch! Jenkins security team announced various bugs affecting a variety of their plugins. While patches for a few plu..
Mon July 04, 2022
A deep dive into Sigma rules and how to write your own threat detection rules
Sigma Rules - a generic open-source signature format for SIEM Systems. What Snort is to network traffic, and YARA to files, Sigma is to logs. Released..
Tue June 21, 2022
Red, Blue, and Purple Teaming: A collaborative approach to Security Assurance
Purple Teaming is a new cybersecurity approach aiming to improve the collaboration between the red and blue teams. It involves sharing knowledge, cont..
Tue June 14, 2022
Customer Success Story: Financial Services Firm improved threat visibility in two weeks
financial services firm
How a financial services firm with more than 500 employees improved threat visibility in just two weeks with FourCore ATTACK. Validating and optimizin..
Tue Jun 07, 2022
Using Windows Event Log IDs for Threat Hunting
Windows Event Log
Windows logs every action with a unique event ID. Security analysts can utilize these logs for threat hunting and enrich detections to identify attack..
Mon Jun 06, 2022
New zero-day code execution vulnerability in MS Office - Follina
Independent security research team nao_sec reported a file submitted from Belarus exploiting the ms-msdt protocol and template injection to achieve ze..
Mon May 30, 2022
F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE
If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary comma..
Mon May 16, 2022
The curious case of mavinject.exe
Mavinject, described as Microsoft Application Visualisation Injector, is a signed Microsoft executable that can be abused to perform arbitrary code in..
Thu May 05, 2022
Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn
Microsoft has disclosed a group of vulnerabilities in Linux known as Nimbuspwn that allows attackers to gain root privileges on a vulnerable system. F..
Fri April 29, 2022
Colibri Loader's unique Persistence Technique using Get-Variable cmdlet
Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here..
Tue Apr 26, 2022
Critical Zero-Click Zero-Day Vulnerability in Windows RPC (CVE-2022-26809)
CVE-2022-26809 is a very high impact vulnerability impacting more than 700,000 Windows machines exposed to the internet. Here we cover what the vulner..
Mon Apr 18, 2022
Critical Zero-Day RCE Vulnerability in Spring Core: Spring4shell (CVE-2022-22965)
A Critical RCE Vulnerability in Spring Core assigned CVE-2022-22965. We present a vulnerable web application and an exploit to showcase the vulnerabil..
Fri Apr 1, 2022
firedrill: an open source malware simulation harness
We have open-sourced firedrill, a malware simulation harness. Simulate attacker TTPs and validate your security controls. Download it now from GitHub..
Sun Jan 23, 2022
This cyber attack can cost you $4mn.
The pandemic has accelerated the transformation of a hybrid workplace, and the expansion of the attack surface is inevitable. Although teams coordinat..
Fri Jan 14, 2022
Red Team Adventure: Digging into Windows Endpoints for EDRs and profit
EDRHunt is an open-source security tool to fingerprint security solutions (such as EDRs and AVs) installed on Windows. Download the binary from GitHub..
Sun Oct 10, 2021