GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
Read More In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely...
Forensic journey: Breaking down the UserAssist artifact structure
Read More Introduction As members of the Global Emergency Response Team (GERT), we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us...
Code highlighting with Cursor AI for $500,000
Read More Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attacks currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that...