Russian attackers continue to bypass detection technologies with simplistic yet effective techniques. In this blog we examine a campaign targeting Ukraine leveraging email attachments less than 150 bytes, which seem to bypass certain tools.
July 24, 2024 by StrikeReady Labs · 3 minutes
The volume of Linux malware is orders of magnitude less than for other operating systems, and as such, has fewer eyeballs researching it. Analysts don't want to spend thousands of hours building detection systems for threats that they will never see. However, for an enterprising hunter, this lack of prevalence can work in your favor --- if your enterprise only sees one or two ELF email attachments per year, you can afford to give each a quick eyeball.
June 27, 2024 by StrikeReady Labs · 6 minutes
Russian government hackers continue to leverage novel techniques for defeating automated analysis systems. In this blog, we examine a simple HTML trick that waits for a user to jiggle the mouse before executing the malicious JavaScript.
June 24, 2024 by StrikeReady Labs · 5 minutes
Despite being a broadly understood class of vulnerabilities, dangling DNS misconfigurations can still lead to a headache for infrastructure providers. In this blog, we examine the typical causes of this vulnerability, and how we were able to ethically report issues at a major vendor.
May 29, 2024 by StrikeReady Labs · 5 minutes
This is the first article in a series about technical hunting wins that are attainable by all SOC teams.
April 20, 2024 in Technical Hunting by StrikeReady Labs · 6 minutes
How StrikeReady helps you track APT infrastructure before it's used against your organization.
April 3, 2024 by StrikeReady Labs · 11 minutes
How StrikeReady helped a SOC prioritize alerts triggered by a previously untagged APT actor.
February 29, 2024 by StrikeReady Labs · 7 minutes
A blog that describes tracking a targeted threat actor using StrikeReady, passive DNS, SSL certificates, and malware analysis.
January 17, 2024 by StrikeReady Labs · 8 minutes
A blog that describes tracking a targeted threat actor using StrikeReady, passive DNS, SSL certificates, and malware analysis.
December 27, 2023 by StrikeReady Labs · 10 minutes