Faster. Cleaner. More focused review. Reviewing large THOR scan reports can be time-consuming, especially when analysts need to quickly understand why a detection was triggered, identify the affected artifact, and separate signal from noise. To make this process...
Detecting Nimbus Manticore and their sideloading infection chains
During a recent incident, we identified a sophisticated sideloading infection chain dropping a custom implant for data exfiltration. Further analysis allowed us to attribute the activity to the Iran-nexus APT group Nimbus Manticore, also tracked as UNC1549 and Smoke...
Mjolnir Security: Incident Response Training – Dive Deep into Cybersecurity
We're thrilled to announce an exciting collaboration with our esteemed partner, Mjolnir Security. Immerse yourself in their renowned “Blue Team Incident Response Training” taking place from the 23rd to the 26th of October. This four-day intensive program promises a...
New Analysis Cockpit 3.5
New Baselining Views Over the course of the last 18 months we reviewed most of our detections regarding their success in real world scenarios. In this context "success" means that the detection uncovered malicious activity in the wild and at the same time had a low...
50 Shades of YARA
A long time ago I noticed that there is no single best YARA rule for a given sample, but different best solutions depending on the user's requirements and use case. I noticed that I often create 2 to 3 YARA rules for a single sample that I process, while each of...