Cyber deception is the most effective way to identify threat actors in any organization’s network. CounterCraft delivers actionable threat intelligence across industries.
-
Real World Cases: Threat Intel to Detect Lateral Movement in the Banking Industry
See the success our clients have found using a deception-powered threat intelligence platform to detect lateral movement within a network. Read more
-
Malicious Docker Images Still Used for Mining Purposes
Malicious docker images are part of the latest technique. Our deception technology has detected evidence of the use of malicious Docker images available at Docker Hub Read more
-
Escaping Docker Privileged Containers for Mining Crypto Currencies
TeamTNT is abusing open Docker daemons and they are using a neat trick to escape from the container and install the crypto miner in the real host. Read about it here. Read more
-
Docker Daemon Worms Are Still Kicking Around
In this post, we focus on ‘Cetus’, a worm that compromises open Docker daemons with two goals: cryptocurrency mining, and to propagate itself. Read on. Read more
-
A Step-by-Step CVE-2021-26084 Compromise
We have described different payloads that we were observing related to the exploitation of CVE-2021-26084. The majority of the incidents were trying to install crypto miners. Read on as we describe a successful exploit that installs a cryptominer (XMRig), and see how quickly a normal server connected in the Internet can be used for mining… Read more
-
Shellcode Detection Using Real-Time Kernel Monitoring
Looking at how to use real time kernel monitoring for shellcode detection. Alonso Candado discusses the challenges faced when trying to detect shellcode at runtime, usin the examples of hooking syscalls via hypervisor EPT feature and detecting shellcodes from kernel callback. Read more
