Bank Security

1.1K Followers

Jan 18

Attribution in Cyber Threat Intelligence: Techniques and Challenges

Understanding the importance and methods of cyber attribution from a strategic point of view.
Introduction: Working in cyber threat intelligence involves a fair amount of activity aimed at attributing cyber attacks. Since today there is no clear list of the different ways to attribute a cyber attack to a specific criminal group or APT, I have decided to describe below the various steps to do…

Threat Intelligence

6 min read



May 12, 2022

Hunting Cobalt Strike Servers

A comprehensive view of the techniques used to fingerprint Cobalt Strike’s C2s.
Introduction: If you are looking for a method to hunt Cobalt Strike servers, this is the article for you. I have grouped different techniques for this purpose and created Shodan queries to get an overview of all active Cobalt Strike command and control (C2) servers. Why do this? To date, having an updated…

Cybersecurity

13 min read



Mar 25, 2022

The evolution of ShadowPad infrastructure

Pivoting on the ShadowPad C2s’ SSL certificate to track the malware’s infrastructure.
Key takeaways: ShadowPad malware has been used for years by the Chinese state-sponsored group named Winnti (aka APT41, AXIOM, WICKED SPIDER & PANDA); the SSL certificate used by the ShadowPad C2s has remained unchanged over the years, allowing analysts to keep track of the evolution of the malware and its infrastructure;

Cybersecurity

8 min read



Feb 2, 2022

2021 Dark Web Financial Cyber Threats

An overview of the most commonly advertised information related to financial institutions on the Dark Web in 2021.
Key takeaways: Over 300 advertised financial institutions in 64 different countries around the world. The United States is the most targeted; in Europe, the most affected country is Germany. …

Cybercrime

4 min read



Apr 16, 2021

Are the hackers all Russian?

Results of a 1-year espionage operation in top-tier Russian underground communities.
Top 10 key takeaways: The analyzed traffic data comes exclusively from private Russian underground communities, where various accounts with different backgrounds persuaded Threat Actors to click on specific links; during about 1 year of undercover operation, data from 550 unique hosts was collected; in total, connections from 68 different countries were collected;

Threat Intelligence

7 min read



Jan 25, 2021

Cyber Intelligence: HUMINT Operations

How to engage Threat Actors during undercover operations on the cyber-crime battleground.
Introduction: Monitoring cyber crime forums is certainly very important, but when information arrives on a forum it is often already too late, or it has already been exploited by some Threat Actor who previously exchanged or sold it privately with his most trusted contacts or buyers. To be able to get…

Cybersecurity

8 min read



Jun 30, 2020

Banks’ Cyber Intelligence Assessment

Top 30 questions to understand the maturity of your Cyber Intelligence program.
Adversaries — What adversaries are likely to target financial services organizations? Financial (Motivation) — What are the financial motivations for targeting banks or financial services organizations? Nation State (Motivation) — What nation-state agendas may result in the targeting…

Cybersecurity

3 min read



Apr 6, 2020

Possible link between Magecart group & Cerberus Banking Trojan C2

Magecart JS Web Skimmer is present on the same C2 related to the Cerberus Banking Trojan.
Magecart Web Skimmer: My analysis started from a Web skimmer impersonating sucuri.net, hosted on hxxps://sucurl.net/cdn/au.js. The script is still there: https://urlscan.io/result/db8a149a-75c2-414d-a89e-b991e7a3689b

Threat Intelligence

4 min read



Jan 8, 2020

Automated Host Recon, Persistence and Exfiltration

Batch script to automate collection, credential dumping, discovery and exfiltration techniques.
Context: Each time during a red team engagement or a PT, we find ourselves performing manual reconnaissance actions before deciding how to move laterally or perform more aggressive post-exploitation actions. This article will give you a vision of how to automate the initial reconnaissance actions without user interaction by presenting…

Red Team

2 min read



Sep 9, 2019

Run PowerShell without Powershell.exe — Best tools & techniques

A walkthrough to discover the best tools to run PowerShell scripts and commands without using powershell.exe.
In recent months, observing how attackers and consequently antivirus products are moving, I thought of writing this article for all the pen testers and red teamers who are looking for the best technique…

Red Team

10 min read

