‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years

Motive – Opportunity – Impunity: without breaking this cycle in the global private and public sectors cooperation, there’ll be no end to cybercrime nor to politically motivated hacks. Motive Money. That’s what’s directly behind the majority of cyber attacks today. Another much less frequent but very dangerous motive is politics with state actors seeking influenceContinue reading “‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years”

Threat hunting with CrowdStrike – Valid Accounts

Techniques of interest: |_ Remote Services: Remote Desktop Protocol |_ Remote Services: SMB/Windows Admin Shares   Hypothesis:  If a Threat Actor (TA) would successfully employ the above-mentioned sub-techniques of T1021 then in Windows Active Directory environment it should demonstrate itself by Windows logon events with types 3 and 10 being generated on target machines.   If we were able to identify any single userContinue reading “Threat hunting with CrowdStrike – Valid Accounts”


Something went wrong. Please refresh the page and/or try again.

About Me

Expert, manager, engineer, consultant, architect, traveler. Trying to keep up πŸ₯Š

Nowadays in security monitoring, incident response, threat hunting, EDR and more. Always willing to learn. Opinions are my own.

Cybersecurity is a race between awareness and a breach.

That would be me

Network location does not imply trust.

NIST SP 800-207