20 Sep

Docker Daemon Worms Are Still Kicking Around


The abuse of open Docker daemons for mining cryptocurrencies is nothing new. You can find multiple blog posts (Aqua, CloudVector, SentinelOne, Palo Alto, etc.) about how different threat actors are creating Docker containers for mining purposes.

14 Sep

A Step-by-Step CVE-2021-26084 Compromise


In one of our blog posts last week, we described different payloads that we were observing related to the exploitation of CVE-2021-26084. The majority of the incidents were just trying to install crypto miners, but we expect to see other types of attackers soon.

7 Sep

Shellcode Detection Using Real-Time Kernel Monitoring


The tools used to load code into memory have changed a lot recently. I have seen this evolution in shellcode, manually mapped images and other types of code execution methods.

2 Sep

Internet Noise: Threat Actor CC0632


Over the past year, our team has been working on gathering intel on new and unusual threat actors to augment the capabilities of our platform. Using our deception technology, we have detected several new threat actors in the wild that can be considered part of Internet noise (automated attacks that typically run constantly).

1 Sep

Classifying Internet Noise | Founder Chat


CounterCraft’s founders talk about the company’s threat intel research that is currently being deployed across the internet. CounterCraft has been running these machines for some time now and has discovered interesting patterns and events among the internet noise.
