Blog Entries

05. 08. 2022 Elena Valgoi Blue Team, Events, Exposure Assessment, Red Team

BLUE or RED TEAM? #makeyourchoice ~HACKINBO EDITION

Ever heard of HackInBo? HackInBo is the main event in Italy for the cyber security community, bringing together (for almost 10 years now!) hundreds of passionate attendees for two days in Bologna…. We were there on May 27th and 28th… and it was an amazing experience! This year, and for the first time, the event…

Read More
18. 05. 2022 Massimo Giaimo Blue Team

Correlation Between the Most Exploited CVEs and Detection Rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…

Read More
17. 05. 2022 Massimo Giaimo Blue Team, SEC4U

A Look Inside Dark Angels Negotiation and Some Details about Their TTP

Starting from a static analysis done by Cyble Research Lab (https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/) of ransomware called Dark Angels, we gained evidence about the activities of the Dark Angels ransomware group. An OSINT analysis carried out by our Würth Phoenix team helped to reach the Ransom Operator blog and one of the victim pages. Based on the evidence…

Read More
17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

Read More
13. 01. 2022 Simone Cagol Blue Team

Sigma Rule Crawler Project

Within our Attacker Centric Security Operation Center, we look for the best detection rules every day to help you detect attack scenarios. One of the most important projects that we use as a source in this area is without doubt that of Sigma Rule (https://github.com/SigmaHQ/sigma). The project, founded by Florian Roth (https://www.linkedin.com/in/floroth/), has almost 300…

Read More
28. 10. 2021 Simone Cagol Blue Team, Exposure Assessment, SEC4U

Cyber Threat Intelligence: Enrichment with SATAYO IoC

One of the important elements of Cyber Threat Intelligence activity is the verification of IoCs (Indicators of Compromise) that can identify threats that can create an impact on your organization. In parallel to our OSINT and Cyber Threat Intelligence SATAYO platform we have implemented the SATAYO IoC database which currently has about 900,000 elements. Among…

Read More
09. 07. 2021 Massimo Giaimo Blue Team, SEC4U

Analysis of a Dark Web site

In this article we will see together how to perform an analysis of a site present on the Dark Web and more precisely of a site present within the Tor network. Our point of reference will be the site of the Avos ransomware gang, which has just started its cyber criminal activity a few weeks…

Read More
12. 03. 2021 Massimo Giaimo Blue Team, Log-SIEM, SEC4U

Microsoft Exchange 0-Day: Let’s Look at the Facts!

I’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…

Read More

Archive