This article shares a method & tool developed by Intrinsec to reconstruct attack paths using Microsoft Protection logs. Enjoy reading & hunting! During incident response, CERT Intrinsec performs investigations to find indicators of compromise and...
Introduction For a couple of years, ransomware attacks have been one of the biggest threats to organizations. Indeed, those attacks can dramatically disturb operations by stopping production, order intake or order shipments for days. Starting from isolated and capable...
Since the beginning of September, CERT Intrinsec has faced several cases involving Egregor and Prolock ransomware. This article aims at presenting Egregor and Prolock techniques, tactics and procedures, as well as sharing indicators of compromise and highlighting...
During a recent investigation dealing with a ransomware attack, CERT Intrinsec faced the OSTAP loader. This loader is used to deliver other malware (such as Trickbot) on an infected system. It uses heavy obfuscation techniques to prevent the code from being read and to...
During this pandemic period, work has had to be adapted as part of the measures taken by the government, accompanied by administrative documents of all kinds. Fake versions of certain documents are used by actors...