Blog

All

Article

Success Story

A Malicious Note: Hackers using Microsoft OneNote Attachments to spread malware

Attackers are constantly looking for novel approaches to infect users with malware. Recently, hackers have been using OneNote attachments in phishing ..

Latest from FourCore

Exploit Party: Bring Your Own Vulnerable Driver Attacks

Exploit Party: Bring Your Own Vulnerable Driver Attacks

BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious ac..

Honey, I shrunk the SOC: Measuring Threat Visibility with MITRE ATT&CK(R)

Honey, I shrunk the SOC: Measuring Threat Visibility with MITRE ATT&CK(R)

We are excited to partner with Tidal Cyber and release our repository of attack simulations on the Tidal platform to help pave the way forward for ope..

EDR: Detections, Bypassess and other Shenanigans

EDR: Detections, Bypassess and other Shenanigans

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try..

Microsoft Exchange Zero-Day Actively Exploited In Attacks: How to Mitigate

Microsoft Exchange Zero-Day Actively Exploited In Attacks: How to Mitigate

As of 30th Sept. 2022, A new zero-day is being actively exploited on Microsoft Exchange servers. MSRC has published guidance for customers to mitigate..

WhatsApp zero-day bug: What you need to know

WhatsApp zero-day bug: What you need to know

WhatsApp silently fixed two zero-day vulnerabilities in their Android and iOS applications. These vulnerabilities let hackers take full control of the..

Ryuk Ransomware: History, Timeline, and Adversary Simulation

Ryuk Ransomware: History, Timeline, and Adversary Simulation

Ryuk is ransomware attributed to the hacker group WIZARD SPIDER that has targeted governments, healthcare, manufacturing, and technology organizations..

Detection Engineering with MITRE Top Techniques & Atomic Red Team

Detection Engineering with MITRE Top Techniques & Atomic Red Team

Detection Engineering is the process of optimizing security controls to get the most value out of them. Therefore, it is essential to prioritize your ..

ATT&CK + D3FEND = D.E.A.T.H

ATT&CK + D3FEND = D.E.A.T.H

Threats targeting cyberspace are becoming more prominent and intelligent day by day. This inherently leads to a dire demand for continuous security va..

New Era of Phishing Payloads

New Era of Phishing Payloads

Post the Office macros deprecation, a new malware delivery method is on the rise. Container file formats like ISOs/RARs/ZIPs and LNKs/DLLs can bypass ..

Manipulating Windows Tokens with Go

Manipulating Windows Tokens with Go

Windows Tokens are used for authentication and assigning privileges to windows programs. Understanding token manipulation is essential to detect malic..

Top 10 Awesome Open-Source Adversary Simulation Tools

Top 10 Awesome Open-Source Adversary Simulation Tools

Breach and Attack Simulation (BAS) also known as Adversary Simulation is an emerging IT security technology equipping the proactive approach to the wa..

Genesis - The Birth of a Windows Process (Part 2)

Genesis - The Birth of a Windows Process (Part 2)

What happens when you run an executable on your Windows machine? In this second and final part of the series, we will go through the exact flow Create..

Genesis - The Birth of a Windows Process (Part 1)

Genesis - The Birth of a Windows Process (Part 1)

What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the ..

Raspberry Robin Worm infecting hundreds of Windows networks - Detection Sigma Rules

Raspberry Robin Worm infecting hundreds of Windows networks - Detection Sigma Rules

First spotted by the Red Canary intelligence team in Sept 2021, Raspberry Robin spreads via USB and Microsoft has discovered it to compromise hundreds..

Jenkins discloses zero-day vulnerabilities affecting dozens of plugins

Jenkins discloses zero-day vulnerabilities affecting dozens of plugins

If you are a user of Jenkins, go patch! Jenkins security team announced various bugs affecting a variety of their plugins. While patches for a few plu..

A deep dive into Sigma rules and how to write your own threat detection rules

A deep dive into Sigma rules and how to write your own threat detection rules

Sigma Rules - a generic open-source signature format for SIEM Systems. What Snort is to network traffic, and YARA to files, Sigma is to logs. Released..

Red, Blue, and Purple Teaming: A collaborative approach to Security Assurance

Red, Blue, and Purple Teaming: A collaborative approach to Security Assurance

Purple Teaming is a new cybersecurity approach aiming to improve the collaboration between the red and blue teams. It involves sharing knowledge, cont..

Customer Success Story: Financial Services Firm improved threat visibility in two weeks

Customer Success Story: Financial Services Firm improved threat visibility in two weeks

How a financial services firm with more than 500 employees improved threat visibility in just two weeks with FourCore ATTACK. Validating and optimizin..

Using Windows Event Log IDs for Threat Hunting

Using Windows Event Log IDs for Threat Hunting

Windows logs every action with a unique event ID. Security analysts can utilize these logs for threat hunting and enrich detections to identify attack..

New zero-day code execution vulnerability in MS Office - Follina

New zero-day code execution vulnerability in MS Office - Follina

Independent security research team nao_sec reported a file submitted from Belarus exploiting the ms-msdt protocol and template injection to achieve ze..

F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE

F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE

If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary comma..

The curious case of mavinject.exe

The curious case of mavinject.exe

Mavinject, described as Microsoft Application Visualisation Injector, is a signed Microsoft executable that can be abused to perform arbitrary code in..

Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn

Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn

Microsoft has disclosed a group of vulnerabilities in Linux known as Nimbuspwn that allows attackers to gain root privileges on a vulnerable system. F..

Colibri Loader's unique Persistence Technique using Get-Variable cmdlet

Colibri Loader's unique Persistence Technique using Get-Variable cmdlet

Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here..

Critical Zero-Click Zero-Day Vulnerability in Windows RPC (CVE-2022-26809)

Critical Zero-Click Zero-Day Vulnerability in Windows RPC (CVE-2022-26809)

CVE-2022-26809 is a very high impact vulnerability impacting more than 700,000 Windows machines exposed to the internet. Here we cover what the vulner..

Critical Zero-Day RCE Vulnerability in Spring Core: Spring4shell (CVE-2022-22965)

Critical Zero-Day RCE Vulnerability in Spring Core: Spring4shell (CVE-2022-22965)

A Critical RCE Vulnerability in Spring Core assigned CVE-2022-22965. We present a vulnerable web application and an exploit to showcase the vulnerabil..

firedrill: an open source malware simulation harness

firedrill: an open source malware simulation harness

We have open-sourced firedrill, a malware simulation harness. Simulate attacker TTPs and validate your security controls. Download it now from GitHub..

This cyber attack can cost you $4mn.

This cyber attack can cost you $4mn.

The pandemic has accelerated the transformation of a hybrid workplace, and the expansion of the attack surface is inevitable. Although teams coordinat..

Red Team Adventure: Digging into Windows Endpoints for EDRs and profit

Red Team Adventure: Digging into Windows Endpoints for EDRs and profit

EDRHunt is an open-source security tool to fingerprint security solutions (such as EDRs and AVs) installed on Windows. Download the binary from GitHub..