Blog  


20 Sep

Docker Daemon Worms Are Still Kicking Around

The abuse of open Docker daemons for mining cryptocurrencies is nothing new. You can find multiple blog posts (Aqua, CloudVector, SentinelOne, Palo Alto, etc.) about how different threat actors are creating Docker containers for mining purposes.

14 Sep

A Step-by-Step CVE-2021-26084 Compromise

In one of our blog posts last week, we described different payloads that we were observing related to the exploitation of CVE-2021-26084. The majority of the incidents were just trying to install crypto miners, but we expect to see other types of attackers soon.

7 Sep

Shellcode Detection Using Real-Time Kernel Monitoring

The tools used to load code into memory have changed a lot recently. I have seen this evolution in shellcode, manually mapped images and other types of code execution methods.

2 Sep

Internet Noise: Threat Actor CC0632

Over the past year, our team has been working on gathering intel on new and unusual threat actors to augment the capabilities of our platform. Using our deception technology, we have detected several new threat actors in the wild that can be considered part of Internet noise (automated attacks that typically run constantly).

1 Sep

Classifying Internet Noise | Founder Chat

CounterCraft’s founders talk about the company’s threat intel research that is currently being deployed across the internet. CounterCraft has been running these machines for some time now and has discovered interesting patterns and events among the internet noise.
