Threat Intelligence Tradecraft

Don’t Just Read Intelligence: Learn From It
January 17, 2019

The Importance of Learning in Cyber Security. Those unfamiliar with the field of computer security, reading the news headlines about …

ShadowTalk Update – Nightmare Market in Disarray and SEC Investigation into Data Leak at First American Financial Corp

August 16, 2019

Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze …

Recon Village: Panning for gold

August 1, 2019

Richard will be presenting ‘Asset Discovery: Making Sense of the Ocean of OSINT’ at 13.50 on 9th August 2019 in …

The Account Takeover Kill Chain: A Five Step Analysis

July 30, 2019

It’s no secret that credential exposure is a growing problem. Take a look at Troy Hunt’s https://www.haveibeenpwned.com – a tool …

ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

July 29, 2019

Christian and Travis sit down with Harrison to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to …

ShadowTalk Update – Marriott Faces GDPR Fines, TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity

July 12, 2019

Kacey and Alex join Harrison to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this …

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019

Register for our upcoming webinar “Harnessing Exposed Data to Enhance Cyber Intelligence” with Harrison Van Riper and Michael Marriott to …

ShadowTalk Update – Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity

June 28, 2019

This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications …

ShadowTalk Update – Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity

June 24, 2019

This week Alex and Jamie chat with Harrison on a cyber-threat campaign involving the abuse of legitimate features in Google …

ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

June 17, 2019

This week Harrison is joined by Travis and Alec to discuss the security stories of the week including a fileless malware …

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019

The secret of the burnout epidemic lies in how we feel about our stress, not the things that stress us …

ShadowTalk Update – “HiddenWasp” and “BlackSquid” malware, TA505 and Turla activity, and Too Much Information: The Sequel

June 7, 2019

Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect), …

BlueKeep: Cutting through the hype to prepare your organization

May 24, 2019

Over the last week we have all been tuning into our news feeds and listening to the security folks chatting …

Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

May 15, 2019

The internet has been aflame with discussions around three leaks of internal information from APT groups attributed with the Islamic …

Cyber Talent Gap: How to Do More With Less

May 14, 2019

The challenge facing us today is twofold: not only is the digital footprint of the organizations we want to protect …

ShadowTalk Update – 5.06.19

May 13, 2019

Kacey and Alex join HVR this week to talk through the key stories this week including a new threat group …

ShadowTalk Update – 5.06.19

May 6, 2019

Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct …

ShadowTalk Update – 4.29.19

April 29, 2019

Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on …

ShadowTalk Update – 4.22.19

April 22, 2019

This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail …

ShadowTalk Update – 4.15.19

April 15, 2019

Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range …

ShadowTalk Update – 4.8.19

April 8, 2019

Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar …

Predator: Modeling the attacker’s mindset

April 2, 2019

Author: Richard Gold. The phrases “attacker’s mindset” or “think like an attacker” are often used in cyber security to encourage …

ShadowTalk Update – 4.1.19

March 29, 2019

Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to …

ShadowTalk Update – 3.25.19

March 25, 2019

Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA. …

ShadowTalk Update – 3.18.19

March 18, 2019

Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as …

ShadowTalk Update – 3.11.19

March 11, 2019

This week Jamie and Alex join Harrison to look at Fin6, who has begun regularly targeting card-not-present data on e-commerce …

Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

March 6, 2019

Authors: Simon Hall, Isidoros Monogioudis. Here at Digital Shadows we perform regular purple team exercises to continually challenge and …

ShadowTalk Update – 3.04.19

March 4, 2019

This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem. …

SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

February 26, 2019

In our latest research report, A Tale of Epic Extortions, the Digital Shadows Photon Research Team highlight how cybercriminals abuse our …

ShadowTalk Update – 2.25.19

February 25, 2019

This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also, …

ShadowTalk Update – 2.18.19

February 19, 2019

Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups …

ShadowTalk Update – 2.11.19

February 8, 2019

Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” …

SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

February 5, 2019

We were fortunate to attend the 2019 SANS DFIR Cyber Threat Intelligence Summit this year, which brings together some of …

ShadowTalk Update – 2.4.19

February 4, 2019

This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as …

ShadowTalk Update – 1.28.19

January 26, 2019

This week Rose, Jamie, and Alex talk with Harrison on a huge data dump called “Collection #1”, containing over 770 …

ShadowTalk Update – 1.21.19

January 19, 2019

This week, Alex Guirakhoo and Philip Doherty join Harrison Van Riper to discuss two recent, unrelated, financially-motivated cyber attack campaigns …

ShadowTalk Update – 1.14.19

January 14, 2019

We’ve just released our first Weekly Intelligence Summary episode of ShadowTalk. In this new track, Harrison Van Riper will be …

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant …

ShadowTalk Update – 17.10.2018

December 17, 2018

Following from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the …

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018

Overall, the infosec community has done a relatively good job in securing systems. While a measure of restrained back-patting is …

ShadowTalk Update – 12.10.2018

December 10, 2018

In this week’s ShadowTalk, Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott …

ShadowTalk Update – 12.03.2018

December 3, 2018

Michael Marriott, Dr Richard Gold and Simon Hall discuss our recent findings on threat actors using cracked versions of Cobalt …

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018

I’m a big fan of the Cobalt Strike threat emulation software. Here at Digital Shadows, it’s a staple of our …

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018

Australian Signals Directorate Essential 8. The Australian Signals Directorate (ASD) has published what it calls the “Essential 8”: a set …

ShadowTalk Update – 11.26.2018

November 26, 2018

With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber …

ShadowTalk Update – 11.19.2018

November 19, 2018

Leaked court documents surfaced this week detailing how Italian authorities tried and ultimately failed to identify and convict the vigilante …

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018

I recently attended the ENISA (European Union Agency for Network and Information Security) Threat Intelligence Workshop held in Brussels on …

ShadowTalk Update – 11.12.2018

November 12, 2018

In this week’s ShadowTalk, we discuss the big vulnerability and exploit stories of the week. The team discuss the Cisco …

Security Analyst Spotlight Series: Adam Cook

November 7, 2018

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant …

ShadowTalk Update – 11.05.2018

November 5, 2018

In November 2016, Tesco Bank suffered a series of fraud attacks that allowed cybercriminals to check out with £2.26m (roughly …

ShadowTalk Update – 10.29.2018

October 29, 2018

In this week’s ShadowTalk, Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the …
