attack techniques

A silent yet critical risk has emerged in enterprise Windows environments with the discovery of BadSuccessor, a powerful privilege escalation technique that takes advantage of Delegated Managed Service Accounts (dMSAs) in Active Directory under Windows Server 2025. While the dMSA migration...

Leveraging trusted internal channels has long been a gold standard for cybercriminals seeking to evade organizational defenses, but a recent campaign uncovered by Proofpoint signals a new level of ingenuity in exploiting a familiar Microsoft 365 feature: Direct Send. This functionality, designed...

The evolving threat landscape for enterprises and public institutions is continually shaped by the tactics of advanced cybercriminal groups. Among them, Octo Tempest—also known as Scattered Spider, Muddled Libra, UNC3944, and 0ktapus—has emerged as one of the most adaptive and persistent...

A new era of phishing is underway, and the stakes have never been higher for organizations relying on Microsoft 365, Okta, and similar cloud-driven services. The weaponization of artificial intelligence, most recently exemplified by the abuse of Vercel’s v0 generative AI design tool, has made it...

The Play ransomware group, more commonly referred to in cybersecurity circles as “Playcrypt,” has carved out a chilling reputation across the digital threat landscape since its emergence in mid-2022. This ransomware-as-a-service operation has evolved from relative obscurity to become one of the...

Microsoft Vulnerabilities in 2024: A Record-Breaking Year and What It Means for Users and Enterprises As the digital world continues to expand, the software that powers our daily lives grows increasingly complex—and so do its vulnerabilities. In 2024, Microsoft, a cornerstone of global computing...

A New Phishing Frontier: Tycoon2FA Evolving to Outsmart Microsoft 365 Security Phishing attacks are evolving, and the latest twist comes from the Tycoon2FA phishing kit. Designed as a Phishing-as-a-service (PhaaS) platform, Tycoon2FA is notorious for bypassing multi-factor authentication (MFA)...

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...

Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...

Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...

I am currently in the middle of testing a hack on a Windows 10 virtual machine via brute force attack. I successfully hacked into the Windows 10 (victim) machine via OpenSSH port which I opened myself I have looked on Windows Event viewer and have noticed that it shows the attack attempts and...

Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat...

Original release date: November 13, 2014 Systems Affected iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta. Overview A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances. Description...