How proactive threat hunting caught an attack engineered to evade the industry's leading endpoint platforms. By Justin Dolgos, Senior Threat Hunter at RSM Defense Most malware tries to avoid your security tools. This one knew them by name. Modern attackers have learned that the fastest way past a hardened security stack is not to break it. It is to convince a trusted ... READ MORE
When Your Browser Becomes the Attacker: Detecting Drive-By Script Execution in the Wild
Published by The RSM Defense Threat Hunting Team Author: Justin Dolgos - Sr. Threat Hunter MITRE ATT&CK: T1204.002 · T1059 · T1218 · T1219 · T1222 ⚠ TLDR Executive Summary Our threat hunters built a custom detection that fires the moment a browser or Windows Explorer spawns a script or suspicious executable from a user-writable directory. In a recent ... READ MORE
Fake Captcha Chains – Portable Behaviors, Practical Detections, And Field Notes
Executive Summary RSM Defense’s Threat Hunting Team performed a focused investigation after reviewing recent intelligence on the “Fake CAPTCHA” campaign. Our hypothesis was: “If the actor is in the environment, we may observe escaped or obfuscated PowerShell commands (for example h^t^t^p) used to download and stage payloads.” The hunt confirmed activity that occurred over a ... READ MORE