How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems

What is binary padding? How can you detect threats that use junk data in various ways to evade defensive systems and sandboxes? Read on to learn more. Binary padding is the process of adding extra or junk data to a portable executable (PE) file that, while not changing the behavior of the binary, changes certain […]
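One way to measure this kind of padding on a sample, as an added example that is not code from the original post or from Intezer: the Python below parses the PE section table with the standard library only, measures the overlay (bytes past the end of the last section), excludes an Authenticode certificate table when the security data directory points into the overlay, and flags a large, low-entropy overlay. The thresholds, the `pe_layout`/`assess_padding` names and the minimal PE builder used as test input are this example's own assumptions.

```python
import math
import struct
from collections import Counter

SECTION_HEADER_SIZE = 40
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode certificate table)


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for one repeated byte, close to 8.0 for random data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def pe_layout(data: bytes) -> dict:
    """Walk the DOS/NT headers and section table to find where the mapped part of the file ends."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Data directories start at +96 in a PE32 (0x10B) and +112 in a PE32+ (0x20B) optional header.
    dd_rel = 96 if magic == 0x10B else 112
    cert_off = cert_size = 0
    if opt_size >= dd_rel + (SECURITY_DIR_INDEX + 1) * 8:
        # The security directory holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt_off + dd_rel + SECURITY_DIR_INDEX * 8)
    sec_table = opt_off + opt_size
    end_of_sections = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from(
            "<II", data, sec_table + i * SECTION_HEADER_SIZE + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {"end_of_sections": end_of_sections, "cert_off": cert_off, "cert_size": cert_size}


def assess_padding(data: bytes, min_overlay: int = 1 << 20, low_entropy: float = 1.0) -> dict:
    """Measure the overlay and flag junk-looking padding.

    Thresholds are assumptions for this example: tune min_overlay to the sandbox's own
    upload limit, and treat high-entropy overlays (installers, packers) as a separate case.
    """
    layout = pe_layout(data)
    start = layout["end_of_sections"]
    overlay = data[start:]
    cert_off, cert_size = layout["cert_off"], layout["cert_size"]
    # An Authenticode signature legitimately lives in the overlay; exclude it before judging.
    if cert_size and cert_off >= start:
        cert_end = min(cert_off + cert_size, len(data))
        junk = data[start:cert_off] + data[cert_end:]
    else:
        junk = overlay
    ratio = len(junk) / len(data) if data else 0.0
    entropy = round(shannon_entropy(junk), 4)
    suspicious = len(junk) >= min_overlay and (entropy <= low_entropy or ratio >= 0.9)
    return {
        "file_size": len(data),
        "overlay_size": len(overlay),
        "unexplained_overlay": len(junk),
        "overlay_ratio": round(ratio, 4),
        "overlay_entropy": entropy,
        "suspicious": suspicious,
    }


def build_sample_pe(code: bytes, overlay: bytes = b"", cert_size: int = 0) -> bytes:
    """Constructed minimal PE32 with one .text section (not runnable), used only as test input."""
    opt_size = 0xE0
    headers_len = 0x40 + 4 + 20 + opt_size + SECTION_HEADER_SIZE
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF       # 512-byte file alignment
    raw_size = (len(code) + 0x1FF) & ~0x1FF
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    if cert_size:
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, raw_ptr + raw_size, cert_size)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, raw_size, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    image = bytearray(raw_ptr)
    image[:headers_len] = dos + b"PE\0\0" + file_hdr + opt + section
    image += code.ljust(raw_size, b"\x00")
    image += b"\x00" * cert_size                     # placeholder for a WIN_CERTIFICATE blob
    image += overlay
    return bytes(image)


if __name__ == "__main__":
    padded = build_sample_pe(b"\xC3" * 16, overlay=b"\x00" * 4096)
    print(assess_padding(padded, min_overlay=1024))
```

Padding does not have to sit in the overlay: the same comparison of declared raw size against content entropy applied per section catches an inflated `.rsrc` or `.data` section. Whatever the location, the point is that a size check alone is what the attacker is gaming, so the detection should look at what the extra bytes are, not only how many there are.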
Reducing Alert Fatigue in Your Security Operations Center with AI

The Security Operations Center (SOC) is a high-pressure environment where analysts work (sometimes in around-the-clock shifts) to protect organizations from cybersecurity threats. Maintaining high morale in such a demanding setting is essential for the well-being and productivity of the team, especially if you still have analysts manually doing alert triage and facing alert fatigue. Integrating […]
Embracing AI Analysts to Strengthen In-House SecOps Teams

With artificial intelligence technology rapidly advancing, it’s now possible to automate even more of the repetitive, manual, and even skilled tasks that consume the time of overloaded security operations analysts, especially the “grunt work” that leads to alert fatigue. Organizations often face the dilemma of outsourcing their security operations centers (SOCs) or investing in in-house […]
5 Ways to Use ChatGPT in Your SOC: Real-World AI Applications to Streamline Alert Triage

Check out our other blogs here to learn how Intezer uses Generative AI to analyze and summarize text-based threats like scripts and macros or interpret text and hidden elements in phishing emails. Security Operations Center (SOC) teams face the daunting challenge of staying one step ahead as cyber threats continue to evolve. With an ever-increasing […]
Phishing Campaign Targets Chinese Nuclear Energy Industry

Intezer has been tracking activity targeting the energy sector and noted a campaign with techniques that align with those of Bitter APT, operating in the Asia-Pacific region. We have made the connection to Bitter APT through tactics, techniques, and procedures (TTPs) that have been observed in other publications, such as the use of Microsoft Office […]
Infected: Understanding a Malicious Result from an Endpoint Scan

Endpoints are a key target in cyberattacks, so it’s critical to ensure that you’re able to effectively triage and investigate alerts from your endpoint detection systems, including threats that hide in memory, like fileless malware or scheduled tasks created by an attacker. Intezer’s Endpoint Scanner is a powerful forensics tool for detecting advanced in-memory threats […]
Are Challenges Faced by SecOps Teams in 2023 an Opportunity?

If there weren’t enough challenges for security operations (SecOps) teams already, economic uncertainty and hits to revenue are forcing organizations to rethink their cybersecurity needs. SecOps teams will be as impacted as the other departments. For years now, the security industry has suffered from a shortage of skilled professionals, alert fatigue, and the growing complexity […]
Adopting AI-Powered Automation for Tierless SOC Teams

“Artificial intelligence” and “automation” have been buzzwords in the world of cybersecurity for a while now; however, enterprises are still struggling to fully realize their potential for incident response. In today’s complex and rapidly changing threat environment, manual security processes for security operations (SecOps) are not enough to keep up with the pace of threats. […]
Malware Reverse Engineering for Beginners – Part 2

In part 1 of this series, we warmed up and aligned with basic computing terminologies. We learned the basics of assembly and how to use disassemblers. All of these tools and techniques are very important for reversing malware samples. Different sorts of malware have different capabilities and implementations. As reverse engineers, we need to be […]
Scaling your SOC with Microsoft Defender + Intezer

TLDR: Highlights of Intezer’s Autonomous SOC solution for Microsoft Defender for Endpoint. Automating SOC Triage and Investigations with Defender: Intezer’s Autonomous SOC solution now supports Microsoft Defender for Endpoint, enabling security teams to automatically triage incidents and get deep endpoint forensics. As Microsoft Defender is a leading endpoint security solution providing prevention, detection, and response across […]