FEATURED
A Malicious Note: Hackers using Microsoft OneNote Attachments to spread malware
Attackers are constantly looking for novel approaches to infect users with malware. Recently, hackers have been using OneNote attachments in phishing ..
Latest from FourCore
Exploit Party: Bring Your Own Vulnerable Driver Attacks
BYOVD, or Bring Your Own Vulnerable Driver, is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious ac..
Honey, I shrunk the SOC: Measuring Threat Visibility with MITRE ATT&CK®
We are excited to partner with Tidal Cyber and release our repository of attack simulations on the Tidal platform to help pave the way forward for ope..
EDR: Detections, Bypasses and other Shenanigans
EDR, or Endpoint Detection and Response, refers to an integrated endpoint security solution that continuously monitors endpoint users' devices and tries..
Microsoft Exchange Zero-Day Actively Exploited In Attacks: How to Mitigate
As of 30th Sept. 2022, a new zero-day is being actively exploited on Microsoft Exchange servers. MSRC has published guidance for customers to mitigate..
WhatsApp zero-day bug: What you need to know
WhatsApp silently fixed two zero-day vulnerabilities in their Android and iOS applications. These vulnerabilities let hackers take full control of the..
Ryuk Ransomware: History, Timeline, and Adversary Simulation
Ryuk is ransomware attributed to the hacker group WIZARD SPIDER that has targeted governments, healthcare, manufacturing, and technology organizations..
Detection Engineering with MITRE Top Techniques & Atomic Red Team
Detection Engineering is the process of optimizing security controls to get the most value out of them. Therefore, it is essential to prioritize your ..
ATT&CK + D3FEND = D.E.A.T.H
Threats targeting cyberspace are becoming more prominent and intelligent day by day. This inherently leads to a dire demand for continuous security va..
New Era of Phishing Payloads
Following the deprecation of Office macros, a new malware delivery method is on the rise. Container file formats like ISOs/RARs/ZIPs and LNKs/DLLs can bypass ..
Manipulating Windows Tokens with Go
Windows tokens are used for authentication and for assigning privileges to Windows programs. Understanding token manipulation is essential to detect malic..
Top 10 Awesome Open-Source Adversary Simulation Tools
Breach and Attack Simulation (BAS), also known as Adversary Simulation, is an emerging IT security technology equipping the proactive approach to the wa..
Genesis - The Birth of a Windows Process (Part 2)
What happens when you run an executable on your Windows machine? In this second and final part of the series, we will go through the exact flow Create..
Genesis - The Birth of a Windows Process (Part 1)
What happens when you run an executable on your Windows machine? This blog provides a brief overview and the flow for creating a Windows Process, the ..
Raspberry Robin Worm infecting hundreds of Windows networks - Detection Sigma Rules
First spotted by the Red Canary intelligence team in Sept 2021, Raspberry Robin spreads via USB, and Microsoft has observed it compromising hundreds..
Jenkins discloses zero-day vulnerabilities affecting dozens of plugins
If you are a user of Jenkins, go patch! The Jenkins security team announced various bugs affecting a variety of their plugins. While patches for a few plu..
A deep dive into Sigma rules and how to write your own threat detection rules
Sigma rules are a generic open-source signature format for SIEM systems. What Snort is to network traffic, and YARA to files, Sigma is to logs. Released..
Red, Blue, and Purple Teaming: A collaborative approach to Security Assurance
Purple Teaming is a new cybersecurity approach aiming to improve the collaboration between the red and blue teams. It involves sharing knowledge, cont..
Customer Success Story: Financial Services Firm improved threat visibility in two weeks
How a financial services firm with more than 500 employees improved threat visibility in just two weeks with FourCore ATTACK. Validating and optimizin..
Using Windows Event Log IDs for Threat Hunting
Windows logs every action with a unique event ID. Security analysts can utilize these logs for threat hunting and enrich detections to identify attack..
New zero-day code execution vulnerability in MS Office - Follina
Independent security research team nao_sec reported a file submitted from Belarus exploiting the ms-msdt protocol and template injection to achieve ze..
F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE
If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary comma..
The curious case of mavinject.exe
Mavinject, described as the Microsoft Application Virtualization Injector, is a signed Microsoft executable that can be abused to perform arbitrary code in..
Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn
Microsoft has disclosed a group of vulnerabilities in Linux known as Nimbuspwn that allow attackers to gain root privileges on a vulnerable system. F..
Colibri Loader's unique Persistence Technique using Get-Variable cmdlet
Colibri Loader uses a novel persistence method that makes use of the Get-Variable cmdlet to run its executable every time PowerShell is launched. Here..
Critical Zero-Click Zero-Day Vulnerability in Windows RPC (CVE-2022-26809)
CVE-2022-26809 is a very high-impact vulnerability affecting more than 700,000 Windows machines exposed to the internet. Here we cover what the vulner..
Critical Zero-Day RCE Vulnerability in Spring Core: Spring4shell (CVE-2022-22965)
A critical RCE vulnerability in Spring Core has been assigned CVE-2022-22965. We present a vulnerable web application and an exploit to showcase the vulnerabil..
firedrill: an open source malware simulation harness
We have open-sourced firedrill, a malware simulation harness. Simulate attacker TTPs and validate your security controls. Download it now from GitHub..
This cyber attack can cost you $4mn.
The pandemic has accelerated the transformation of a hybrid workplace, and the expansion of the attack surface is inevitable. Although teams coordinat..
Red Team Adventure: Digging into Windows Endpoints for EDRs and profit
EDRHunt is an open-source security tool to fingerprint security solutions (such as EDRs and AVs) installed on Windows. Download the binary from GitHub..