Lachlan Godding, 06 Sep 2023
Quacking the Code: An Analysis of the Ducktail Malware Operation
SenseOn has analysed several variants of a highly targeted malware operation, dubbed ‘Ducktail’, which is delivered to victims via tailored spearphishing attacks. While a WithSecure report indicates that this malware has been in circulation since as early as 2018, SenseOn…
Monitor Your AWS ECS Fargate Environments with SenseOn
Unmasking the activities of a low-level threat actor using njRat
This blog was written by Sam Stoneley, SenseOn Security Analyst. SenseOn has investigated an njRAT infection as part of our threat intelligence efforts. In this article, one of our cybersecurity analysts explores the following: Read on to see how our team leveraged SenseOn’s advanced telemetry to…
How SenseOn Uses Python to Implement Scalable WebSockets Servers With AsyncIO
Here’s how Python allows SenseOn to implement WebSockets in a scalable, effective, and secure way for threat detection and response.
OneNote malware: A growing threat
This blog was written by Lachlan Godding, SenseOn Security Analyst. Microsoft OneNote is used for note-taking in organisations ranging from schools to business consultancy firms, and it is also a growing source of cybersecurity risk: its users are a target for cybercriminals and phishing campaigns. Microsoft OneNote files and OneNote attachments are…
Bitcoin miners spreading via software cracks
Software piracy comes in many forms; one is the use of ‘cracks’, which bypass the licence and activation checks in commercial software. Running any software provided by an unknown third party is a risky thing to do, as it gives an attacker an easy way to run malicious code…
SenseOn Advisory on the Outlook Zero Day Vulnerability
Executive Summary
Product impacted: Microsoft Outlook
CVSS base score: 9.8 (Critical)
CVE-2023-23397
On 14 March 2023, Microsoft published details of a critical Outlook vulnerability known to have been exploited by threat actors. The vulnerability, tracked as CVE-2023-23397, allows attackers to obtain a victim’s Net-NTLMv2 hash by sending a specially crafted email, which will exploit the…
Exploring the Gootkit loader infection chain
This post was authored by our Director of Technology, Brad Freeman. SenseOn’s in-depth analysis of the Gootkit malware family breaks down the Gootkit attack chain. Using SenseOn’s advanced telemetry, our cybersecurity analyst team was able to reconstruct the latest Gootkit attack methods. SenseOn has a wide range of threat intelligence and security analytics…
Automating your security data pipeline using a strict data model
This post was written by SenseOn’s CTO, James Mistry. Know all about the challenges of wrestling with big datasets whose definition is unclear? Go straight to the gory details!
The “More is Better” approach
Security platforms collect a lot of data. A SIEM, for example, might ingest endpoint events, firewall logs, a variety of application logs…
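The post above contrasts ingesting everything with enforcing a strict data model. The following is an added illustration of the strict side of that argument, not code from SenseOn or from the post: a declared schema for one event type (the field names, types and allowed values are assumed for the example), a parser that rejects any record with unknown fields, missing fields or out-of-range values, and an ingest loop run over a few constructed firewall log lines.

```python
"""Strict event model for a security data pipeline.

Added example, not SenseOn's code. Every ingested record must match a
declared schema exactly: required fields present, types correct, no unknown
fields. Non-conforming records are rejected rather than stored with an
ambiguous shape that downstream analytics would have to guess at.
"""
from dataclasses import dataclass, fields
from datetime import datetime, timezone
import ipaddress
import json


@dataclass(frozen=True)
class FirewallEvent:
    # Assumed schema for illustration; a real pipeline would declare one per source.
    timestamp: datetime
    src_ip: ipaddress.IPv4Address
    dst_ip: ipaddress.IPv4Address
    dst_port: int
    action: str  # restricted to ALLOWED_ACTIONS


ALLOWED_ACTIONS = {"allow", "deny"}


class SchemaViolation(ValueError):
    """Raised when a raw record deviates from the declared schema in any way."""


def parse_firewall_event(raw: dict) -> FirewallEvent:
    """Validate a raw dict against FirewallEvent, raising SchemaViolation on any deviation."""
    expected = {f.name for f in fields(FirewallEvent)}
    unknown = set(raw) - expected
    missing = expected - set(raw)
    if unknown or missing:
        raise SchemaViolation(f"unknown={sorted(unknown)} missing={sorted(missing)}")
    try:
        ts = datetime.fromisoformat(raw["timestamp"])
    except (TypeError, ValueError) as exc:
        raise SchemaViolation(f"bad timestamp: {raw['timestamp']!r}") from exc
    if ts.tzinfo is None:
        raise SchemaViolation("timestamp must carry a timezone")
    try:
        src = ipaddress.IPv4Address(raw["src_ip"])
        dst = ipaddress.IPv4Address(raw["dst_ip"])
    except ipaddress.AddressValueError as exc:
        raise SchemaViolation(str(exc)) from exc
    port = raw["dst_port"]
    if not isinstance(port, int) or isinstance(port, bool) or not 0 <= port <= 65535:
        raise SchemaViolation(f"bad dst_port: {port!r}")
    if raw["action"] not in ALLOWED_ACTIONS:
        raise SchemaViolation(f"bad action: {raw['action']!r}")
    # Normalise to UTC so every stored event has the same time basis.
    return FirewallEvent(ts.astimezone(timezone.utc), src, dst, port, raw["action"])


def ingest(lines):
    """Parse newline-delimited JSON; return (accepted events, rejected (line, reason) pairs)."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(parse_firewall_event(json.loads(line)))
        except (json.JSONDecodeError, SchemaViolation) as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


# Constructed sample input: one conforming record, one carrying a typo'd extra
# field ('dst_prt'), and one whose action value the schema does not know.
SAMPLE_LINES = [
    '{"timestamp": "2023-03-14T10:15:00+00:00", "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "dst_port": 445, "action": "deny"}',
    '{"timestamp": "2023-03-14T10:15:01+00:00", "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "dst_port": 445, "dst_prt": 445, "action": "deny"}',
    '{"timestamp": "2023-03-14T10:15:02+00:00", "src_ip": "10.0.0.6", "dst_ip": "192.0.2.11", "dst_port": 80, "action": "dropped"}',
]

if __name__ == "__main__":
    ok, bad = ingest(SAMPLE_LINES)
    print(f"accepted {len(ok)}, rejected {len(bad)}")
    for _, reason in bad:
        print("REJECT:", reason)
```

The point of rejecting rather than coercing is that the rejected lines become a visible signal (a source that started emitting a new field, a vendor that renamed an action) instead of silently widening the stored data's shape.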
SenseOn’s Security Engineering Squad Attends Objective by the Sea 2022!
Read all about SenseOn’s trip to Objective by the Sea v5!