Cybersecurity

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.

I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM.

This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP.

How do we ensure the services being provided by SOCs are meeting expectations? How do we know continuous improvement is being incorporated in daily operations? The answer lies in the measurement of SOC internal processes and services.

Incident response playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the (almost) perfect playbook.

How deals and arrangements are made on the dark web, what parties are involved, what escrow services and arbitration are and how these affect the security of deals.