On November 12, 2024, a joint cybersecurity advisory was released by agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom. This advisory highlights the **top routinely exploited vulnerabilities of 2023**, offering insights into persistent threats and the measures organizations can take to protect themselves.

In 2022, Microsoft began blocking macros originating from the internet in Office, pushing both pentesters and threat actors to explore new methods for initial access. Fast forward to October 2024, and APT29 is leveraging one of those methods—Rogue RDP—discovered as a workaround back in 2022. In this video, we dive into a recent spearphishing campaign uncovered by the Ukrainian CERT, where attackers used Rogue RDP to gain initial access to targets. This video will provide you practical detection opportunities that can be used to hunt for this activity in your environment.

FIN7 is dead… right? In this week’s Threat SnapShot we breakdown a SentinelOne report on the group FIN7. We focus on detection strategies for their latest tools, covering three main tools: Powertrash (an obfuscated PowerShell script for payload loading), a batch script for persistence, and AU Kill (an antivirus neutralizer). For each tool, we explain its function and offer specific detection methods.

Our CTO, Fred Frey, met with Teddy Powers from Google Cloud Security at the Google Massachusetts Ave Office to discuss the topic: "Turning Novel Threats into Detections Easily with SnapAttack." Discover how SnapAttack can integrate with Mandiant's threat intelligence, security validation, and Google Chronicle to enhance detection and create actionable workflows for your organization.

Have you ever read a threat report and thought, “These tools could definitely be superhero names”? Well, you’re not alone! In this video, we dive into the recent APT41 campaign and explore the detection opportunities that arise from it. From tools like BlueBeam, AntSword, DustPan, and PineGrove, we break down how these were used in APT41’s latest operations and how you can detect them in your environment.

Discover how to detect the GrimResource attack, a novel code execution technique leveraging Microsoft Management Console (MMC) files. This threat snapshot video breaks down Elastic Security Labs' research on this stealthy initial access vector that evades common defenses. Key points covered: Learn practical steps to protect your systems against this emerging threat. *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*

You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how this new feature is a security nightmare and how it works. But today we are going to dig in and discover how to actually detect abuse of this new feature.