Andy's News Roundup
Creating AWS security efficiencies in IT
#Cybersecurity
As we enter 2023, both security and digital transformation efforts (e.g. cloud migration) continue to be important priorities for organizations. This combination brings huge challenges for IT teams, who are not only required to facilitate major digital changes and increase developer productivity but also ensure that this transformation is secure by default. When using AWS in particular, it’s challenging to understand how to strike this balance between accelerated cloud growth and security. AWS’ ecosystem is vast — almost overwhelmingly so. But luckily, there are several steps that your teams can take to create AWS efficiencies and streamline cloud security. Three...
A Breach at LastPass Has Password Lessons for Us All
#Cybersecurity
The hacking of the password manager should make us reassess whether to trust companies to store our sensitive data in the cloud....
BitRAT Now Sharing Sensitive Bank Data as a Lure
#Cybersecurity

Introduction In June of 2022 Qualys Threat Research Unit (TRU) wrote an in-depth report on Redline, a commercial off-the-shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their evolving capabilities. In this blog, we will highlight our findings on another commercial off-the-shelf malware – BitRAT. BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. The RAT is particularly well known for its social media presence and functionality such...
Persistence and LOLBins
#Forensics

Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out.

First, the Registry modification:

reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\Utilities\query" /v LOLBin /t REG_MULTI_SZ /d 0\01\0LOLBin\0calc.exe

Then the command to launch calc.exe:

query LOLBin

Now, I've tried this on a Windows 10 system and it works great, even though Terminal Services isn't actually running on this system. Running just the "query" command on both Windows 10 and Windows 11 systems (neither with Terminal Services running) results in the same output on both:

C:\Users\harlan>query
Invalid parameter(s)
QUERY { PROCESS | SESSION...