Threat Management Archives

It’s Not a Bug, It’s Feature Abuse: A Deep Dive Into Azure Web App Logs and Attack Visibility

Azure makes it easy to spin up serverless functions and web apps, a convenience that often comes with security blind spots. Logs are fragmented across services, authentication defaults may leave endpoints exposed, and preview environments

Living off WinRM: Abusing Complexity in Remote Management

Key Context: What Is LOLBAS Anyway? LOLBAS (Living Off The Land Binaries, Scripts, and Libraries) are legitimate Windows tools and binaries that attackers abuse to perform malicious actions without using custom malware. One of the

Polymorphic AI Malware: A Real-World POC and Detection Walkthrough

What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code

Closing the Gaps in Linux Auditing & Detection Strategies

Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done

Detection, Evasion, and the Pursuit of Immutable Artifacts

You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar

Monitoring Granular SOC Metrics: Peak Network Traffic and Initial User Logins

When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTR, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics

Leveraging Metrics in Google SecOps SIEM for Enhanced Threat Detection

Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended

CardinalOps Expands AI-Powered Threat Exposure Management Platform, Unifying Prevention and Detection for Enhanced Cyber Risk Reduction

Michael Mumcuoglu, Co-Founder and CEO of CardinalOps says, “With this launch, we are enabling organizations to rethink how they approach threat exposure management.”

SANS 2024 Detection and Response Survey – Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response

Download the SANS 2024 Detection and Response Survey to discover insights from cybersecurity professionals on navigating today’s detection and response challenges. Key findings include:

Enhancing Cyber Defense Through Automated Security Control Assessment (ASCA)

A chaotic threat landscape and rapidly changing attack techniques has organizations facing increased pressure to deal with persistent threats by developing and deploying new security controls and being able to identify and manage misconfigured controls.

Detection Posture Management: Reduce your organization’s exposure to threats

Even the best, most mature security teams must plan for worst-case scenarios – when an attack has slipped past their defensive and preventative technologies and becomes a threat. Detection is the last line of defense

CardinalOps Launches TI-Ops to Operationalize Adversary Intelligence through AI and Automation

Turn real adversary behaviors (TTPs) into actionable detection Organizations are struggling to keep up with an evolving threat landscape and security teams are increasingly burdened with the pressure to build an effective cyber defense against