Jorge Orchilles

November 20, 2020

#ThreatThursday - Berserk Bear

As usual for #ThreatThursday, we will understand Berserk Bear’s behavior, map to MITRE ATT&CK and share the ATT&CK Navigator JSON, create and share an adversary emulation plan in the largest, public adversary behavior repository, and discuss how to defend against this energy sector adversary.

November 5, 2020

#ThreatThursday - Ryuk

This week, we take a deeper dive into emulating and defending against the ransomware behind a recent spike in healthcare sector attacks - Ryuk Ransomware. Researchers estimate that Ryuk has been behind a third of the ransomware attacks detected in 2020, including the latest surge in hospital and healthcare IT system attacks.

October 28, 2020

Active Directory Attacks with Kerberoasting

Kerberoasting is now available in the SCYTHE Marketplace. In this post, Tim Medin explains how Kerberoasting works during Unicon and also releases a Kerberoast module in the SCYTHE Marketplace to enable SCYTHE operators to seamlessly Kerberoast from within SCYTHE.

October 9, 2020

FAQs - Getting Started in Ethical Hacking

How do I get started in ethical hacking, penetration testing, or red teaming? I get this question all the time from people with all sorts of goals. Whether you are getting into vulnerability management, want to find 0day vulnerabilities, or are moving into red teaming and emulating adversaries against your organization to test, measure, and improve people, process, and technology, this FAQ is for you.

October 8, 2020

#ThreatThursday - SlothfulMedia

On October 1, 2020, US-CERT published a Malware Analysis Report (MAR) on new malware they have seen in the wild called SlothfulMedia. The report suggests this is a “sophisticated cyber actor” but, as you will see, it seems like a very typical Remote Access Trojan. As usual, we will review the Cyber Threat Intelligence, create an adversary emulation plan, demonstrate the emulation, and discuss how to defend against this threat.

November 10, 2020

Episode 3: Leveraging Resources When Chock Full of Challenges with Guest Mitch Parker

Healthcare is chock full of adventure: a rising number of patients, an increase in malware attacks, and a shift towards remote work. On this episode of CISO STRESSED, Liz sits down with Mitch Parker, Exec. Dir./CISO at Indiana University Health, and talks about leveraging and maximizing resources and building trust to solve security challenges facing healthcare systems.

October 27, 2020

Episode 2: Digital Empathy in the Customer Experience (Guest Shawn M Bowen)

Building security in the customer experience, not “compliance helmets” - Shawn Bowen, CISO with Restaurant Brands International, joins CISO Stressed Host Liz Wharton to discuss the value of experience-based learning, digital empathy, and the customer experience.

October 22, 2020

#ThreatThursday - FIN6

Welcome to another week of #ThreatThursday! This week’s Threat Thursday is going to be slightly different from the standard as we discuss the FIN6 Adversary Emulation plan released by MITRE Engenuity’s Center for Threat-Informed Defense. We will focus on the importance of machine-readable Cyber Threat Intelligence at the adversary behavior and TTP level, sharing adversary emulation plans, and YAML-to-JSON conversion.
