Lucky Mouse: Incident Response to Detection Engineering
This blogpost discusses how the Tactics, Techniques and Procedures (TTPs) used by the APT27 (Lucky Mouse) intrusion set in the last incident reported by Intrinsec, a SEKOIA.IO Managed Security...Read More
XDR detection engineering at scale: crafting detection rules for SecOps efficiency
In this blogpost we present SEKOIA.IO’s process to create detection rules, which first requires explaining our detection workflow as well as understanding SEKOIA.IO XDR history and specificities.Read More
Ongoing Roaming Mantis smishing campaign targeting France
This blog post on Roaming Mantis group is an extract of the “FLINT 2022-037 – Ongoing Roaming Mantis smishing campaign targeting France” report (SEKOIA.IO Flash Intelligence) sent to our clients...Read More
BumbleBee: a new trendy loader for Initial Access Brokers
This blog post on BumbleBee malware was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on June 02, 2022. BumbleBee is a new malicious loader, first...Read More
MSDT abused to achieve RCE on Microsoft Office
This blog post on this Microsoft zero-day vulnerability was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 31, 2022. On May 27th a...Read More
Improving Threat Detection with Sigma Correlations
Today, we are adding Sigma Correlations support to the SEKOIA.IO threat detection capabilities! In this post, we discuss what can be done with it, and why it was needed....Read More
Centralization of EDR alerts, new detections and trackers… the novelties of November 2021
SEKOIA.IO aims to be as close as possible to the users of the platform, meeting their needs in a precise way, while taking into account their approach and user...Read More
An insider insights into Conti operations – Part Two
The first blog post was focusing on Conti’s evolution and the leak’s context and analysis. In this second blog post, we will look into how to make simple detection rules to...Read More
Hatching Triage to enhance SEKOIA.IO Cyber Threat Intelligence
In this blogpost, we present the integration of Indicators of Compromise (IoCs) in our Cyber Threat Intelligence (CTI) from the results of Hatching’s Triage sandbox analysis. To provide some...Read More
Hunting and detecting Cobalt Strike
In the last SEKOIA.IO Threat & Detection Lab we dealt with a Man-in-the-middle (MITM) phishing attack leveraging Evilginx2, an offensive tool allowing two-factor authentication bypass. Here, we are tackling...Read More