Key Findings Lunar Spider has expanded its initial access methods by compromising vulnerable websites, particularly in Europe, using Cross-Origin Resource Sharing (CORS) vulnerabilities. These websites are then injected with a FakeCaptcha framework. The FakeCaptcha framework is introduced via a JavaScript script that generates an iframe, overlaying the original site's content with the attacker's FakeCaptcha page. … Continue reading Lunar Spider Expands their Web via FakeCaptcha
Tag: Blue Team
Securing Microsoft Entra ID: Lessons from the Field – Part 1
This multipart blog series is focused on the real-world lessons learned while securing Microsoft Entra ID. Based on hands-on experience across various environments and organizations, we'll explore the practical, high-impact strategies that work and, more importantly, the common misconfigurations, overlooked settings, and pitfalls that can expose your identity perimeter. Throughout the series, we'll cover both … Continue reading Securing Microsoft Entra ID: Lessons from the Field – Part 1
Tracking historical IP assignments with Defender for Endpoint logs
A new incident comes in. The CEO's laptop shows possible Cobalt Strike activity. Your host investigation shows that the attacker likely gained privileged access to her host and that the initial activity is from two days ago. You contain the host in your EDR agent. But now you must determine if the attacker moved laterally inside … Continue reading Tracking historical IP assignments with Defender for Endpoint logs
How to hunt & defend against Business Email Compromise (BEC)
Business email compromise (BEC) remains a commonly utilized tactic that serves as leverage for adversaries to gain access to user resources or company information. Depending on the end goals of the adversaries, and on the compromised user's business role, the potential impact can vary from simply accessing sensitive information (e.g., from emails, files uploaded … Continue reading How to hunt & defend against Business Email Compromise (BEC)
Hunting for Remote Management Tools: Detecting RMMs
In our previous blog post about RMM (Remote Management and Monitoring) tools, we highlighted the prevalence of such tooling in nearly every organization's environment. In today's world, where many organizations support remote work, RMM tools are frequently utilized to help provide assistance to end users and to allow IT administrators to perform their tasks from … Continue reading Hunting for Remote Management Tools: Detecting RMMs
From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements
What is this blog post about? This blog post is about why incident responder artifacts play a role not only on the defensive but also on the offensive side of cyber security. We are going to look at some of the commonly collected evidence and how it can be valuable to us as red team operators. We will … Continue reading From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements