Threat Research Blog

Azure PIM Default Configuration Creates “Shadow Admin” Risks

Read More

Hybrid Identities: The On-Prem to Cloud Connection

Read More

Preventing BlackMatter Ransomware from Encryption of Available Remote Share

Read More

MailSniper – You Can Teach an Old Dog New Tricks: Pwn O365-based Organizations by Leveraging PRT-based SSO

Read More

When Everyone’s Dog Is Named Fluffy

Read More

Externalizing deception: The creation and use of deceptive Open Source Intelligence

Read More

Deconstructing a Modern Bank Heist: the [not] Carbanak source code leak

Read More

Why and How to Extract Network Connection Timestamps for DFIR Investigations

Read More

Improving Cyber Investigation Outcomes through Better Visualization of Historic Process Execution Events

Read More

Windows Console Command History: Valuable Evidence for Live Response Investigation

Read More