Using Alternate Data Streams to Bypass User Account Controls

There are some pretty cool PowerShell frameworks out there, which means it’s relatively common to see PowerShell doing nefarious things. So when the below alert fired, it was not immediately obvious that it was anything other than normal PowerShell encoding: Digging a little deeper, however, I found that the pattern of behavior was nearly identical […]

Detecting and Combating Advanced Attacks: a Global Not-for-Profit’s Defense Strategy

Everyone knows advanced threats are extremely difficult to defend against. Nothing earth-shattering there. They leverage sophisticated tactics, techniques, and procedures (TTPs) to covertly harvest sensitive data, and are characterized by their ability to avoid detection. Most organizations say they are concerned about advanced attackers, but also question if they would ever be a target. But […]