How proactive threat hunting caught an attack engineered to evade the industry's leading endpoint platforms. By Justin Dolgos, Senior Threat Hunter at RSM Defense. Most malware tries to avoid your security tools. This one knew them by ...
From the War Room Blog

When Your Browser Becomes the Attacker: Detecting Drive-By Script Execution in the Wild
Published by The RSM Defense Threat Hunting Team. Author: Justin Dolgos - Sr. Threat Hunter. MITRE ATT&CK: T1204.002 · T1059 · T1218 · T1219 · T1222. TLDR Executive Summary: Our threat hunters built a custom detection that ...

Fake Captcha Chains – Portable Behaviors, Practical Detections, And Field Notes
Executive Summary: RSM Defense’s Threat Hunting Team performed a focused investigation after reviewing recent intelligence on the “Fake CAPTCHA” campaign. Our hypothesis was: “If the actor is in the environment, we may observe escaped or ...

Threat Hunt Report: CORNFLAKE.V3 Backdoor with Remote Code Execution Capability
Executive Summary: This document presents the results of a targeted threat hunt conducted in search of tactics, techniques, and procedures (TTPs) associated with the CORNFLAKE.V3 backdoor. During the investigation, a backdoor with remote code ...

Threat Hunting Win: Uncovering Multi-Stage Malware from RMM Abuse
At RSM Defense, we embrace a proactive approach to cybersecurity. Instead of waiting for alerts to trigger a response, our Threat Hunting team regularly conducts hypothesis-driven investigations. These investigations are designed to uncover subtle ...

Securing Tomorrow: Evaluating Cyber Catastrophe
On each Friday for the month of February, RSM’s Julia Polyak will be providing an article on the future of cyber-attacks and cyber-warfare, and how organizations can remain aware of emerging threats in this landscape. Please note that the views ...
