Engineering detection around Microsoft Defender
This blog post briefly introduces the different Microsoft Defender products and the confusion that can arise between them, mainly because they were renamed over the years. Then it focuses on...
Sekoia.io CTI at a glance
The CTI produced within Sekoia.io provides a comprehensive view of global cyber threats alongside technical indicators of compromise (IOCs) revealing the presence of attackers. We are in a “one-to-many”...
Lucky Mouse: Incident Response to Detection Engineering
This blog post discusses how the Tactics, Techniques and Procedures (TTPs) used by the APT27 (Lucky Mouse) intrusion set in the last incident reported by Intrinsec, a SEKOIA.IO Managed Security...
XDR detection engineering at scale: crafting detection rules for SecOps efficiency
In this blog post we present SEKOIA.IO’s process for creating detection rules, which first requires explaining our detection workflow as well as understanding the history and specificities of SEKOIA.IO XDR.
Ongoing Roaming Mantis smishing campaign targeting France
This blog post on the Roaming Mantis group is an extract of the “FLINT 2022-037 – Ongoing Roaming Mantis smishing campaign targeting France” report (Sekoia.io Flash Intelligence) sent to our clients...
BumbleBee: a new trendy loader for Initial Access Brokers
This blog post on the BumbleBee malware was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 02, 2022. BumbleBee is a new malicious loader, first...
MSDT abused to achieve RCE on Microsoft Office
This blog post on this Microsoft zero-day vulnerability was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 31, 2022. On May 27th a...
Improving Threat Detection with Sigma Correlations
Today, we are adding Sigma Correlations support to the SEKOIA.IO threat detection capabilities! In this post, we discuss what can be done with it, and why it was needed...
Centralization of EDR alerts, new detections and trackers… the novelties of November 2021
Sekoia.io aims to be as close as possible to the users of the platform, meeting their needs in a precise way, while taking into account their approach and user...
An insider insights into Conti operations – Part Two
The first blog post focused on Conti’s evolution and the context and analysis of the leak. In this second blog post, we will look into how to make simple detection rules to...