Investigating QR Code Phishing Campaigns and Evasion Techniques
QR codes have become a phishing method of choice for many reasons, which has made blocking and defending against this technique a little cumbersome for IT and security administrators.
Malware Infection Via OneNote Attachments And How To Defend Against It
Threat actors are now deploying malicious OneNote files to gain initial access on a target's machine. This is done by attaching malicious .vbs (VBScript) files within the OneNote document along with an enticing call-to-action button.
Raspberry Robin USB Worm Malware Analysis
In this post, I discuss my real-world encounter with the Raspberry Robin worm infection, and how it gained initial access from a malicious USB device. Below is a timeline of events observed on the endpoint from the moment the USB device was mounted to when execution events began.
Analysing SocGholish ‘Chrome Update’ Malware
I discuss my first real-world encounter with the SocGholish drive-by download malware, and then go on to analyse its impact, how it works and how our defenses managed to thwart the second stage of the attack.
Phishing: Fake Microsoft Login Page
An HTML file containing obfuscated JavaScript was recently sent via a spear-phishing email campaign. Although the phish isn’t the most sophisticated out there…
Zero Logon - TryHackMe Write-up
Zero Logon was a critical Active Directory vulnerability that allowed attackers to gain Domain Administrator privileges by exploiting the MS-NRPC (NetLogon Remote Protocol).

