Blog Entries

28. 09. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware negotiation: dos and don’ts!

Double extortion ransomware attacks have reached very high numerical values. One of the key elements, when suffering such an attack, concerns the negotiation that can be initiated (not always!) with the ransomware gang. The analysis, carried out by the SEC4U team, of hundreds of negotiations makes it possible to apply a scientific approach to this…

Read More
28. 08. 2023 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | First Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
23. 06. 2023 Massimo Giaimo Blue Team, SEC4U

SOC vs. MDR: Understanding the Key Differences for Comprehensive Cybersecurity

Introduction In today’s increasingly complex cybersecurity landscape, it is crucial for organizations to adopt effective solutions to protect their data and digital assets from ever-evolving threats. Two commonly used services in this regard are SOC (Security Operations Center) and MDR (Managed Detection and Response). While both aim to ensure cybersecurity, there are important differences that…

Read More
13. 06. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

The New .zip Domains do More Harm Than Good

In this article we’ll discuss the security concerns caused by Google’s introduction of .zip domains. First things first, let’s understand what a domain is and how it’s structured. What is a domain? A domain is a text string that allows a user to access the specified web site once typed into a browser. This string…

Read More
07. 02. 2023 Massimo Giaimo Blue Team, SEC4U

Ransomware Attack ESXi Servers with (to confirm) CVE-2021-21974

These days the landscape of cybercriminal activities seems to have as the only protagonists the Threat Actors who are carrying out an attack on publicly exposed VMware ESXi infrastructures. The French National Computer Emergency Response Team (CERT) published a security advisory on the ESXiArgs ransomware on February 3, 2023. Other important information regarding the attack was published…

Read More
18. 01. 2023 Massimo Giaimo Blue Team, SEC4U

Interview with a Member of the GhostSec Group

The Initial Message The last few days have been quite hectic with regard to cyber security in the industrial systems sector. The frenzy of these days began on January 11 with this message that appeared on the Telegram channel (https://t.me/GhostSecc) of the GhostSec group: The message was accompanied by a couple of screenshots: So are…

Read More
10. 01. 2023 Francesco Pavanello Blue Team, SEC4U

Spam Trap Box – A Powerful Method to Detect Phishing Attempts

It’s more and more common to receive emails asking for credentials. They usually say that there’s some kind of issue that can only be solved by accessing the involved service using the link inside the message text. In most cases these emails are malicious, intended to steal users’ or employees’ credentials and gain access to…

Read More
21. 12. 2022 Mirko Ioris Blue Team, SEC4U

Meet the SOC Weekly Reports, a New Way to Inform Customers

One of the most comprehensive services offered by Wuerth-Phoenix’s Cyber Security team is the Security Operation Center (SOC). An SOC is capable of monitoring an IT environment, scanning all messages sent within the internal network, and all operations performed on corporate devices. Through the use of detection rules, the SOC is able to identify anomalies…

Read More
21. 12. 2022 Massimo Giaimo Blue Team, SEC4U

Protected: Some Insight into the Differences between AV and EDR

There is no excerpt because this is a protected post.

Read More
20. 12. 2022 Massimo Giaimo Blue Team, SEC4U

Risepro: A New Infostealer Malware

The daily monitoring activities that we carry out within our Security Operation Center Attacker Centric have allowed us to identify the spread of a new infostealer type malware. Log (or information) stealer malware is a type of Trojan that gathers data in order to send it to the attacker. Typical targets are credentials saved in…

Read More
05. 08. 2022 Elena Valgoi Blue Team, Events, Exposure Assessment, Red Team

BLUE or RED TEAM? #makeyourchoice ~HACKINBO EDITION

Ever heard of HackInBo? HackInBo is the main event in Italy for the cyber security community, bringing together (for almost 10 years now!) hundreds of passionate attendees for two days in Bologna…. We were there on May 27th and 28th… and it was an amazing experience! This year, and for the first time, the event…

Read More
18. 05. 2022 Massimo Giaimo Blue Team

Correlation Between the Most Exploited CVEs and Detection Rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…

Read More
17. 05. 2022 Massimo Giaimo Blue Team, SEC4U

A Look Inside Dark Angels Negotiation and Some Details about Their TTP

Starting from a static analysis done by Cyble Research Lab (https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/) of ransomware called Dark Angels, we gained evidence about the activities of the Dark Angels ransomware group. An OSINT analysis carried out by our Würth Phoenix team helped to reach the Ransom Operator blog and one of the victim pages. Based on the evidence…

Read More
17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

Read More
13. 01. 2022 Simone Cagol Blue Team

Sigma Rule Crawler Project

Within our Attacker Centric Security Operation Center, we look for the best detection rules every day to help you detect attack scenarios. One of the most important projects that we use as a source in this area is without doubt that of Sigma Rule (https://github.com/SigmaHQ/sigma). The project, founded by Florian Roth (https://www.linkedin.com/in/floroth/), has almost 300…

Read More

Archive