Quacking the Code: An Analysis of the Ducktail Malware Operation

Lachlan Godding, 06 Sep 2023. SenseOn has analysed several variants of a highly targeted malware operation, dubbed ‘Ducktail’, which is delivered to victims via tailored spearphishing attacks. While a WithSecure report indicates that this malware has been in circulation since as early as 2018, SenseOn…

Monitor Your AWS ECS Fargate Environments with SenseOn

Unmasking the activities of a low-level threat actor using njRat

This blog was written by Sam Stoneley, SenseOn Security Analyst. SenseOn has investigated an njRAT infection as part of our threat intelligence efforts. In this article, one of our cybersecurity analysts explores the following: Read on to see how our team leveraged SenseOn’s advanced telemetry to…

How SenseOn Uses Python to Implement Scalable WebSockets Servers With AsyncIO

Here’s how Python allows SenseOn to implement WebSockets in a scalable, effective, and secure way for threat detection and response.

OneNote malware: A growing threat

This blog was written by Lachlan Godding, SenseOn Security Analyst. Microsoft OneNote is used for note-taking by people in organisations ranging from schools to business consultancy firms. OneNote is also a growing source of cybersecurity risk: its users are a target for cybercriminals and phishing campaigns. Microsoft OneNote files and OneNote attachments are…

Bitcoin miners spreading via software cracks

Software piracy comes in many forms. One of them is the use of ‘cracks’, which bypass the licence and activation checks built into commercial software. Running any executable supplied by an unknown third party is highly risky, as it gives an attacker an easy way to run malicious code…

SenseOn Advisory on the Outlook Zero Day Vulnerability

Executive Summary
Product Impacted: Microsoft Outlook
Criticality score: 9.8 (Critical)
CVE: CVE-2023-23397
On 14 March 2023, Microsoft published details of a critical Outlook vulnerability known to have been exploited by threat actors. The vulnerability, tracked as CVE-2023-23397, allows attackers to obtain a victim’s Net-NTLMv2 hash without any user interaction by sending specially crafted emails to the victim, which will exploit the…

Exploring the Gootkit loader infection chain

This post was authored by our Director of Technology, Brad Freeman. SenseOn’s in-depth analysis of the Gootkit malware family breaks down the Gootkit infection chain step by step. Using SenseOn’s advanced telemetry, our cybersecurity analyst team was able to reconstruct the latest Gootkit attack methods. SenseOn has a wide range of threat intelligence and security analytics…

Automating your security data pipeline using a strict data model

This post was written by SenseOn’s CTO, James Mistry. Know all about the challenges of wrestling with big datasets whose definition is unclear? Go straight to the gory details!
The “More is Better” approach
Security platforms collect a lot of data. A SIEM, for example, might ingest endpoint events, firewall logs, a variety of application logs…
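As an illustration of what a strict data model buys a pipeline that ingests endpoint events and firewall logs, here is an added example (not code from the post or from SenseOn’s platform): every raw record is normalised into one typed event schema, and anything with missing fields, unknown fields, a malformed address or a naive timestamp is rejected at ingest rather than stored and puzzled over later. The log formats, field names and sample records are constructed for the example.

```python
"""Strict event model for a security data pipeline (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any, Dict, Iterable, List, Tuple, Union
import ipaddress
import json

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
ALLOWED_ACTIONS = frozenset({"allow", "deny"})
REQUIRED_FIELDS = frozenset({"ts", "source", "src_ip", "dst_ip", "dst_port", "action"})


class SchemaError(ValueError):
    """A raw record does not fit the strict model."""


@dataclass(frozen=True)
class NetworkEvent:
    ts: datetime        # timezone-aware, normalised to UTC
    source: str         # which sensor or log produced the event
    src_ip: IPAddress
    dst_ip: IPAddress
    dst_port: int       # 0..65535
    action: str         # one of ALLOWED_ACTIONS


def _parse_ts(value: Any) -> datetime:
    """Accept only ISO 8601 strings that carry a timezone; reject naive times."""
    if not isinstance(value, str):
        raise SchemaError(f"ts must be an ISO 8601 string, got {type(value).__name__}")
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise SchemaError("ts must carry a timezone")
    return ts.astimezone(timezone.utc)


def validate(record: Dict[str, Any]) -> NetworkEvent:
    """Enforce the schema exactly: no missing fields, no unknown fields, typed values."""
    keys = set(record)
    missing, extra = REQUIRED_FIELDS - keys, keys - REQUIRED_FIELDS
    if missing or extra:
        raise SchemaError(f"missing={sorted(missing)} unknown={sorted(extra)}")
    try:
        src_ip = ipaddress.ip_address(record["src_ip"])
        dst_ip = ipaddress.ip_address(record["dst_ip"])
    except ValueError as exc:
        raise SchemaError(f"bad IP address: {exc}") from exc
    port = record["dst_port"]
    if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
        raise SchemaError(f"bad dst_port: {port!r}")
    action = record["action"]
    if action not in ALLOWED_ACTIONS:
        raise SchemaError(f"bad action: {action!r}")
    return NetworkEvent(_parse_ts(record["ts"]), str(record["source"]), src_ip, dst_ip, port, action)


def from_firewall_line(line: str) -> Dict[str, Any]:
    """Adapter for a constructed key=value firewall log line (hypothetical format)."""
    ts, _, rest = line.partition(" ")
    kv = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    dport = kv.get("dport", "")
    return {"ts": ts, "source": "firewall", "src_ip": kv.get("src"), "dst_ip": kv.get("dst"),
            "dst_port": int(dport) if dport.isdigit() else dport, "action": kv.get("action")}


def from_endpoint_json(blob: str) -> Dict[str, Any]:
    """Adapter for a constructed endpoint-agent JSON record (hypothetical format)."""
    raw = json.loads(blob)
    return {"ts": raw.get("timestamp"), "source": "endpoint",
            "src_ip": raw.get("local_ip"), "dst_ip": raw.get("remote_ip"),
            "dst_port": raw.get("remote_port"),
            "action": "allow" if raw.get("connected") else "deny"}


def ingest(records: Iterable[Dict[str, Any]]) -> Tuple[List[NetworkEvent], List[str]]:
    """Split normalised records into accepted events and rejection reasons."""
    accepted, rejected = [], []
    for rec in records:
        try:
            accepted.append(validate(rec))
        except SchemaError as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample input: two records that fit the model and two that do not.
SAMPLE_FIREWALL = [
    "2023-09-06T10:00:00Z action=deny src=10.0.0.5 dst=203.0.113.7 dport=445",
    "2023-09-06T10:00:01Z action=drop src=10.0.0.5 dst=203.0.113.7 dport=445",  # unknown action
]
SAMPLE_ENDPOINT = [
    '{"timestamp": "2023-09-06T10:00:02+00:00", "local_ip": "10.0.0.9", '
    '"remote_ip": "198.51.100.4", "remote_port": 443, "connected": true}',
    '{"timestamp": "2023-09-06 10:00:03", "local_ip": "10.0.0.9", '
    '"remote_ip": "198.51.100.4", "remote_port": 443, "connected": true}',  # naive timestamp
]


def run_sample() -> Tuple[List[NetworkEvent], List[str]]:
    raw = [from_firewall_line(l) for l in SAMPLE_FIREWALL]
    raw += [from_endpoint_json(b) for b in SAMPLE_ENDPOINT]
    return ingest(raw)


if __name__ == "__main__":
    ok, bad = run_sample()
    print(f"accepted={len(ok)} rejected={len(bad)}")
    for reason in bad:
        print("  rejected:", reason)
```

The point of rejecting unknown fields as well as missing ones is that a new sensor version cannot silently widen the schema; it has to be added to the model deliberately, which is what keeps downstream analytics from running on data whose meaning nobody agreed on.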

SenseOn’s Security Engineering Squad Attends Objective by the Sea 2022!

Read all about SenseOn’s trip to Objective by the Sea v5!
