News • Insights • Analysis
Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as Read More …
When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the Read More …
As members of the Global Emergency Response Team (GERT), Kaspersky works with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and Read More …
Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and turns with pre-ransomware activities, tunneling tools, and attackers taking a page out of the defender’s playbook. The attacker Read More …
More and more hackers are targeting regular people with the goal of breaking into their bank accounts, stealing their crypto, or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s Read More …
Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to Read More …
When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack. Defenders can leverage this behavior Read More …
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics Read More …
The use of archive files as malware delivery mechanisms is evolving, presenting challenges for Secure Email Gateways (SEGs), new research has claimed. A recent report by Cofense highlights how cybercriminals exploit various archive formats to bypass security protocols, particularly following Read More …
By Josh Breaker-Rolfe Implementing artificial intelligence (AI) into your security operations center (SOC) can transform your organization’s ability to respond to threats, reduce the burden on overstretched analysts, and even offer long-term cost-reduction benefits. But what metrics should you Read More …