Silver Fox’s ICMLuaUtil UAC Bypass: Abusing Auto-Elevated COM for Stealthy Privilege Escalation

Medium

APT, Campaign

Privilege Escalation

EDR, Sysmon, Windows

Silver Fox’s ICMLuaUtil UAC Bypass: Abusing Auto-Elevated COM for Stealthy Privilege Escalation

In modern Windows security architecture, User Account Control (UAC) serves as a key defensive layer against unauthorized privilege escalation. Its […]

Learn more

Latrodectus Unmasked: The Art of Persistent Execution via Trusted Binaries

Medium

Campaign, Malware

Persistence

EDR, Windows

Latrodectus Unmasked: The Art of Persistent Execution via Trusted Binaries

In a recent Latrodectus malware campaign, we observed a particularly insidious choice for persistence by modifying Windows registry keys to […]

Learn more

Patch Management Under Fire: Navigating the Vulnerabilities of WSUS in Enterprise Cybersecurity

High

Campaign, CVE

Lateral Movement, Privilege Escalation

EDR, Sysmon, Windows

Patch Management Under Fire: Navigating the Vulnerabilities of WSUS in Enterprise Cybersecurity

In the realm of cybersecurity, robust patch management is essential to fortify enterprise networks against evolving threats, particularly in Active […]

Learn more

When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains

Medium

CyberCrime, LOLBin

Command and Control, Defense Evasion, Execution, Privilege Escalation

EDR

When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains

We are witnessing a significant evolution in adversary tactics: threat actors are actively leveraging legitimate, open-source incident response tools like […]

Learn more

Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks

Medium

Campaign, CVE

Persistence

EDR, Sysmon, Windows

Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks

WinRAR is one of the most popular file compression tools globally, known for its ability to efficiently compress, package and […]

Learn more

High

Bypass, LOLBin

Defense Evasion, Execution

Windows

How EDR-Freeze Turns Windows Debugging into a Weapon Against Antivirus and EDR

It has been over two years since the distribution of the PPL-Blade and Terminator tools, which leveraged the Bring-Your-Own-Vulnerable-Driver (BYOVD) […]

Learn more

Medium

Campaign, LOLBin, Malware

Defense Evasion, Execution

Sysmon, Windows

Beyond the Takedown: How Lumma Stealer Maintains Persistent Campaigns Worldwide

Despite the takedown efforts, Lumma Stealer’s continued adaptability and innovative tactics have allowed it to maintain active campaigns, posing persistent […]

Learn more

High

Bypass, Campaign

Defense Evasion, Impact

EDR, Sysmon, Windows

Chepalus APT: Sophisticated Ransomware Operations Leveraging DLL Side-Loading

The Chepalus APT group is a sophisticated cyber threat actor known primarily for conducting targeted ransomware campaigns with advanced evasion […]

Learn more

Medium

Campaign, LOLBin

Privilege Escalation

EDR, Sysmon, Windows

Wbadmin Weaponized: The Silent Credential Dumping Behind Bumblebee’s Enterprise Attacks

A recent cyberattack campaign has leveraged the Bumblebee malware as an initial infection vector, demonstrating increasing sophistication in targeting enterprise […]

Learn more

Medium

Campaign, Malware

Defense Evasion, Persistence

EDR, Sysmon, Windows

Remcos RAT Campaigns Escalate: Advanced Evasion and Infection Techniques Uncovered

Remcos malware operations have remained highly active, constantly evolving to evade detection. In a recent campaign, the infamous Remcos RAT, […]

Learn more

« Previous 1 2 3 4 Next »

Labs

Security begins from Hunting

Subscribe

The weekly report on threat hunting

Filters

Silver Fox’s ICMLuaUtil UAC Bypass: Abusing Auto-Elevated COM for Stealthy Privilege Escalation

Latrodectus Unmasked: The Art of Persistent Execution via Trusted Binaries

Patch Management Under Fire: Navigating the Vulnerabilities of WSUS in Enterprise Cybersecurity

When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains

Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks

How EDR-Freeze Turns Windows Debugging into a Weapon Against Antivirus and EDR

Beyond the Takedown: How Lumma Stealer Maintains Persistent Campaigns Worldwide

Chepalus APT: Sophisticated Ransomware Operations Leveraging DLL Side-Loading

Wbadmin Weaponized: The Silent Credential Dumping Behind Bumblebee’s Enterprise Attacks

Remcos RAT Campaigns Escalate: Advanced Evasion and Infection Techniques Uncovered

Contacts

Get in touch with us

Labs

Security begins from Hunting

Subscribe

The weekly report on threat hunting

Filters

Silver Fox’s ICMLuaUtil UAC Bypass: Abusing Auto-Elevated COM for Stealthy Privilege Escalation

Latrodectus Unmasked: The Art of Persistent Execution via Trusted Binaries

Patch Management Under Fire: Navigating the Vulnerabilities of WSUS in Enterprise Cybersecurity

When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains

Inside RemCom’s Latest Evolution: Weaponizing WinRAR Vulnerability CVE-2025-8088 in 2025 Attacks

How EDR-Freeze Turns Windows Debugging into a Weapon Against Antivirus and EDR

Beyond the Takedown: How Lumma Stealer Maintains Persistent Campaigns Worldwide

Chepalus APT: Sophisticated Ransomware Operations Leveraging DLL Side-Loading

Wbadmin Weaponized: The Silent Credential Dumping Behind Bumblebee’s Enterprise Attacks

Remcos RAT Campaigns Escalate: Advanced Evasion and Infection Techniques Uncovered

Contacts

Get in touch with us

Security begins from Hunting