Blog Entries

30. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 30 – New Cyber Attacker Groups Detected

During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim refuses to pay the ransom. Usually, after an attack is claimed, a small amount of…

Read More
24. 04. 2024 Mirko Ioris SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA’s data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Cactus ransomware gang in early March. The ransomware operators exfiltrated 3 TB of data and…

Read More
15. 03. 2024 Luca Zeni Blue Team, SEC4U

SATAYO and SOC: in the New Midlands

This article explains how the Cyber Threat Intelligence platform SATAYO serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO’s internal resources for creating Detection Rules and managing SOC alerts. Additionally, we will examine how the logs in SIEM…

Read More
20. 12. 2023 Massimo Giaimo Exposure Assessment, SEC4U

EPSS implementation in SATAYO

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild , as my colleague Beatrice Dall’Omo has already had the opportunity to talk about in this article. EPSS was developed by FIRST ( with the aim of assisting those responsible…

Read More
14. 12. 2023 Massimo Giaimo SEC4U

Enrichment of the Ransomfeed Project

There are community projects that, once implemented, become true points of reference. One of these is certainly the DRM – Dashboard Ransomware Monitor project. This project, founded by Dario Fadda in 2020, monitors ransomware groups through scraping activities, to store claims regarding victims within a permanent RSS feed. However not everyone knows that starting from…

Read More
26. 09. 2023 Francesco Pavanello Exposure Assessment, SEC4U

Exposure Assessment: How to Identify Infrastructure Vulnerabilities

In our previous post about Exposure Assessment, we described how we outline a target’s infrastructure using SATAYO, our Cyber Threat Intelligence (CTI) platform. This means that we collected the identifiers of all the target’s machines, i.e., their host names and IP addresses. Now it’s time to understand which machines could allow an attacker to gain…

Read More
09. 06. 2023 Francesco Pavanello Exposure Assessment, SEC4U

Exposure Assessment: The Best Way to Easily Discover a Target’s Infrastructure

Overview of discovering hostnames and IP addresses using OSINT techniques.

Read More
05. 12. 2022 Massimo Giaimo Exposure Assessment

HackInBo Business Edition – Winter 2022 – Our Participation

On December 2 we participated, as platinum sponsors, in the second edition of the HackInBo Business event. For 10 years, HackInBo has been one of the most important IT security conferences in Italy, and for this edition too we wanted to give our contribution by participating with a 40-minute talk. The formula of the event…

Read More
28. 10. 2021 Simone Cagol Blue Team, Exposure Assessment, SEC4U

Cyber Threat Intelligence: Enrichment with SATAYO IoC

One of the important elements of Cyber Threat Intelligence activity is the verification of IoCs (Indicators of Compromise) that can identify threats that can create an impact on your organization. In parallel to our OSINT and Cyber Threat Intelligence SATAYO platform we have implemented the SATAYO IoC database which currently has about 900,000 elements. Among…

Read More
23. 09. 2021 Massimo Giaimo Exposure Assessment, SEC4U

Exposure Assessment: Straight to the Point!

In this second post on the Exposure Assessment topic we’ll start from the end! We’ve just put into production, within our OSINT & Cyber Threat Intelligence SATAYO platform, an internal search engine that aims to simplify the search for evidence within the platform itself. This is a development that has been particularly requested by those…

Read More
02. 09. 2021 Massimo Giaimo Exposure Assessment, SEC4U

Exposure Assessment: Know the Attack Surface

This is the first in a series of articles that aims to technically describe the various objects collected within our Exposure Assessment activity, based on our OSINT & Cyber Threat Intelligence SATAYO platform. Its functionalities and the elements make it a fundamental tool for all organizations wishing to continuously monitor their exposure within public domain…

Read More