-
CardinalOps Contributes Updates to MITRE ATT&CK Techniques Related to Abuse of Mail Transport Rules
Adversaries are hijacking corporate email systems such as Office 365 by abusing email transport rules. Learn how these sophisticated attacks work, plus how to detect them in Splunk, Microsoft Sentinel, IBM QRadar & Sumo Logic.
-
Splunk and other SIEM detections for Follina, a clever MS-Office 0-day
Summary: This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic, along with associated MITRE
-
Enterprise SIEMs Detect Fewer Than 5 of Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild
“Organizations need to become more intentional about detection in their SOCs. What should we detect? Do we have use cases for those scenarios? Do they actually work? Do they help my SOC analysts effectively triage
-
Spring into action (with SIEM detection rules for Spring4shell)
The Spring Framework is an open source application framework that provides infrastructure support for developing Java applications. The framework can be used by any Java application
-
Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping
A new player has entered the game. The "Lapsus$" group, unknown before December 2021, has made headlines in recent weeks following multiple data breaches at big companies such as