Blog Entries

16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Do Without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others.  There is no…

Read More
30. 10. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

Adding SOAR Features to the SOC – Part 1: Vulnerability Management

Security Orchestration, Automation and Response (SOAR) is a set of functionalities used by the SOC team to automate security activites, improve workflow management and share threat intelligence data. Security Operation Centres (SOCs) can leverage SOAR to gain in-depth knowledge of the threats they face, trigger automatic responses to security issues and achieve better efficiency. In this…

Read More
26. 10. 2023 Luca Zeni Blue Team, SEC4U

From Chaos to Case: How SLAs Make Life Better!

One of the primary responsibilities of a Security Operation Center (SOC) is to effectively manage issues related to monitoring the security perimeter. This involves the meticulous analysis of alerts, the creation of subsequent cases, and if necessary, the escalation of incidents to the client through ticketing systems or, in some cases, the closure of incidents…

Read More
01. 10. 2023 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USER GROUP 2023… #italianedition

The event of the year, the NetEye User Group, is back! The User group is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year the NetEye Usergroup took place in Rocca Sveva, a centuries old villa located in…

Read More
01. 10. 2023 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring


…also this year, Würth Phoenix & Gravitate organized the annual Usergroup DACH 2023 in Nuremberg. The Usergroup is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year’s NetEye Usergroup took place in Nuremberg in the Romantik Hotel Rottner,…

Read More
28. 09. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Negotiation: Dos and Don’ts!

Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this…

Read More
26. 09. 2023 Francesco Pavanello Exposure Assessment, SEC4U

Exposure Assessment: How to Identify Infrastructure Vulnerabilities

In our previous post about Exposure Assessment, we described how we outline a target’s infrastructure using SATAYO, our Cyber Threat Intelligence (CTI) platform. This means that we collected the identifiers of all the target’s machines, i.e., their host names and IP addresses. Now it’s time to understand which machines could allow an attacker to gain…

Read More
18. 09. 2023 Camilla Biamino Events, NetEye, SEC4U, Service Management

NetEye User Group IT 2023

The event dedicated to the NetEye community is back again! A taste of innovation! Discover the new trends in monitoring and service management seasoned with a pinch of Cybersecurity. Taste the nuances of the various successful NetEye projects and be guided by the scent of curiosity for the latest technological trends. Appointment on 28th of…

Read More
28. 08. 2023 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | First Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
23. 08. 2023 Alessandro Mizzaro Development, Events, SEC4U

DEFCON 31: My Trip to Vegas w/ mhackeroni

Greetings, cyber enthusiasts! This year we hacked a satellite and won $50K!! Okay, now that I’ve got your attention, that last sentence isn’t fake, but let’s go back to a few days ago… I’m Alessandro — Alemmi on the internet — and while I always enjoy playing CTFs with my workmates here at Würth Phoenix,…

Read More
23. 06. 2023 Massimo Giaimo Blue Team, SEC4U

SOC vs. MDR: Understanding the Key Differences for Comprehensive Cybersecurity

Introduction In today’s increasingly complex cybersecurity landscape, it is crucial for organizations to adopt effective solutions to protect their data and digital assets from ever-evolving threats. Two commonly used services in this regard are SOC (Security Operations Center) and MDR (Managed Detection and Response). While both aim to ensure cybersecurity, there are important differences that…

Read More
13. 06. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

The New .zip Domains do More Harm Than Good

In this article we’ll discuss the security concerns caused by Google’s introduction of .zip domains. First things first, let’s understand what a domain is and how it’s structured. What is a domain? A domain is a text string that allows a user to access the specified web site once typed into a browser. This string…

Read More
13. 06. 2023 Beatrice Dall'Omo Red Team, SEC4U

What We Know about the MOVEit Transfer 0-day

0-day vulnerabilities are predicted to grow more and more, posing new threats for the cybersecurity. It’s hard to predict them and when their exploit occurs, since developers and vendors are unaware of the flaw until they are actually exploited. Hence, there is no ready patch available for a 0-day vulnerability. MOVEit Transfer 0-day On May…

Read More
11. 06. 2023 Massimo Giaimo SEC4U

HackInBo – talk “pompompurin & co. – stories of seizures!”

On Friday 9 June 2023 I had the opportunity to participate as a speaker at the HackInBo Business event, one of the most important conferences on cyber security in Italy. During the talk I presented, I talked about the history of RaidForum, BreachForum and ExposedForum and the Genesis and Solomon marketplaces, recounting the seizures actions…

Read More
09. 06. 2023 Francesco Pavanello Exposure Assessment, SEC4U

Exposure Assessment: The Best Way to Easily Discover a Target’s Infrastructure

Overview of discovering hostnames and IP addresses using OSINT techniques.

Read More