Threat Intelligence Tradecraft

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020

Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United …

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020

Digital Shadows’ Photon Research Team recently released a comprehensive examination of the Analysis of Competing Hypothesis (ACH) method, in …

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020

In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for …

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020

A fun tweet crossed our path recently, the author asked, “Redteam operators: Which defensive settings have you encountered that …

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020

In 1988 the idea of a Computer Emergency Response Team was first introduced at Carnegie Mellon University. Fast-forward through …

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020

Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison, …

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020

As the cyber threat intelligence (CTI) industry continues to grow, so do the discipline’s thinking tools. Whether your intelligence …

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020

Last week I attended the eighth annual SANS Cyber Threat Intelligence Summit in Crystal City, Virginia. I want to …

ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

January 27, 2020

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019-19781) affecting the …

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020

Kacey, Charles, Alex, and Harrison host this week’s threat intelligence update from Dallas. We kick off with vulnerabilities from the …

Iran and the United States – start of the long war or return to normal?

January 13, 2020

On 03 Jan 2020, the United States conducted a targeted killing of Major General Qasem Soleimani, commander of the …

ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

January 10, 2020

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide …

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020

With the recent news of Qasem Soleimani on Friday 3rd January 2020, many organizations have been reviewing their security …

Iran and Soleimani: Monitoring the Situation

January 7, 2020

*This blog has been updated as of Jan 9, 2020. Welcome to 2020. Have a good holiday? Back to work …

ShadowTalk Update – Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, and 2020 Predictions

December 23, 2019

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers: …

ShadowTalk Update – Tochka Dark Web Market Offline, Market.ms Closes, and Data Leakage Stories

December 16, 2019

Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have …

Threat Intelligence: A Deep Dive

December 12, 2019

Welcome to our deep dive on threat intelligence: intended to help security professionals embarking on creating and building a …

ShadowTalk Update – Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown on RAT Spyware

December 9, 2019

Viktoria invites Stewart Bertram to kick-off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal …

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019

In an industry prone to going overboard with fear-based marketing, the cyber threat intelligence (CTI) community has a refreshing …

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019

No ShadowTalk podcast episode this week, but updates from the Intelligence Summary are below. Updates from this week’s Intelligence Summary …

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019

Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around …

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019

A few Saturdays ago, we had the pleasure of presenting at BSidesDFW in Fort Worth, Texas. We were all …

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019

Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT …

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019

This week the London team looks at the following stories: BlueKeep Exploit Could Rapidly Spread Megacortex Ransomware Changes Windows Passwords …

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information …

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019

With the recent breach that targeted BriansClub, automated vending carts (better known as AVCs), have received significant media attention …

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019

If you’re an avid follower of Digital Shadows’ blogs, or just have a general interest in the cybercriminal landscape, …

Your Cyber Security Career – Press start to begin

October 30, 2019

October was Cyber Security Awareness month, and as a follow-up, I thought it would be good to talk about …

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019

Depending on where you are in the world, October is characterized by the onset of a new season and/or fewer …

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team …

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019

Japan: currently the host of the multi-national sporting event, the Rugby World Cup, and soon to be host of the …

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019

Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version …

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019

Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of …

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019

Typosquatting. It’s a phrase most of us know in the security realm and think we’ve got our hands and minds …

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top …

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019

Introduction This week, the Australian National University (ANU) published a report on an intrusion into their networks that occurred in …

ShadowTalk Update – Magecart Five Widens Attack Vectors, Suspected Chinese Threat Actor Targets Airbus Suppliers, and Tortoiseshell Developments

October 4, 2019

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly …

Top Threat Intelligence Podcasts to Add to Your Playlist

October 3, 2019

Looking for some new threat intelligence podcasts to add to your playlist? Look no further! Our Photon Threat Intelligence Research …

Domain Squatting: The Phisher-man’s Friend

October 1, 2019

In the past we have talked about the internal assessments that we perform here at Digital Shadows. As part of …

ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

September 27, 2019

Viktoria hosts this week’s episode in London with Phillip Doherty and Adam Cook. After a quick debate around the top …

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019

Despite being the second smallest country in Asia, Singapore is a global financial and economic hub. On top of this, …

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

September 25, 2019

Between 2012 and mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the …

ShadowTalk Update – Universities still attracting espionage from Iran, SimJacker exploit, NCSC Threat Trends, and Ransomware Updates

September 20, 2019

It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat …

Nemty Ransomware: Slow and Steady Wins the Race?

September 19, 2019

As we outlined recently, ransomware is a key theme of the NCSC Cyber Trends Report: it’s a pervasive threat that …

NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

September 18, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) recently released their Incident trends report (October 2018 – April 2019) which …

ShadowTalk Update – Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

September 13, 2019

Viktoria Austin is joined by Adam Cook and Phil Doherty this week in the London office to talk about the …

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019

Back in February, I wrote about how we avoid the term “eat your own dog food” here at Digital Shadows, …

ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

September 9, 2019

Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up – a …

ShadowTalk Update – More Sodinokibi Activity, Imperva Breach, and Weirdest Food at the Texas State Fair

September 2, 2019

CISO Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, …

Emotet Returns: How To Track Its Updates

August 26, 2019

What is Emotet? Emotet started life as a banking trojan in 2014; targeting financial information on victim computers. However, over …

ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

August 23, 2019

Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks …
