Cybersecurity

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.

Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.

Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain.

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.