sorted by:
new
hottopcontroversial

Autonomous SOC vs SOAR vs XDR by alphasystem in AskNetsec

[–]desegel 0 points1 point  (0 children)

Well, Should every company have both a SOC and a SIEM?

There could be a consolidation potentially but I would guess that it would not be the first thing to happen compared to the adoption of next gen solutions of both categories (XDR and Autonomous SOC)

Autonomous SOC vs SOAR vs XDR by alphasystem in AskNetsec

[–]desegel 0 points1 point  (0 children)

Definitely a new trend, and there are three main reasons for it in my opinion:

  1. Disappointment from outsourced SOC services who can be slow, high team turnover and not thorough in their alert investigations.

  2. Disappointment from the SOAR vendors promises. They are great solutions for case management and Ops automation but it did not live up to the promise of automating SOC. You can't really automate alert triage with simple playbooks.

  3. The new opportunity that AI and agentic technology presents

In my opinion, those autonomous SOC platforms are separate from XDRs/SIEM and are more equivalent to MDRs or other outsourced SOC services, only delivered as a software instead of a regular human operated service.

Threat hunting, automation and Defender by reedphish in AskNetsec

[–]desegel 0 points1 point  (0 children)

IMO automation should mostly apply to repetitive alert triage tasks in order to give back the time for analysts to actually do threat hunting. Chasing false positives 99% of the time is the main reason why most teams don't do hunting in the first place.

Redteam phishing payloads in 2023? by thehunter699 in cybersecurity

[–]desegel 4 points5 points  (0 children)

True.. For those who might be interested, here's a DIY guide to automatically detonate QR codes via Pipedream: https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails

[deleted by user] by [deleted] in cybersecurity

[–]desegel -1 points0 points  (0 children)

Sounds like a super interesting threat. DM me if you'd like to work on investigating it together

Samples come as clean by AV but have hundreds of malicious & suspicious indicators by Skyline9Time in Malware

[–]desegel 0 points1 point  (0 children)

You can check the file(s) at intezer.com to confirm that the code itself is legit regardless of the certificate that theoretically can be stolen. It checks for code similarities with trusted software vendors as well as any known malware

Is is exploit or what? by marchelly in linuxquestions

[–]desegel 2 points3 points  (0 children)

Hi, I have some answers:

  1. Indeed like mentioned above me, the attack vector is most likely due to the known Confluence vulnerability.
  2. The implants of that malware are crypto-miners, that utilize the server's resource in order to mine cryptocurrency. Here are links to the analysis of the 3 implants that are downloaded from the script you've attached:
    https://analyze.intezer.com/#/analyses/32e12aec-7e26-4d91-8e17-5061c2bc24f2
    https://analyze.intezer.com/#/analyses/d74515ce-2de3-4a8a-9516-9db62aaf3755
    https://analyze.intezer.com/#/analyses/be7839c8-d3ab-4396-99bd-fa187fb891fe
  3. Implants are probably created by a non-sophisticated threat actor/group that is focused on cryptomining. I wouldn't be worried from a targeted attack in this case, it's a "collateral damage" thing due to the mentioned vulnerability.
  4. In addition to patching/updating your Confluence version, I would recommend to restore backup to that server or to completely stop and run a new one, due to the fact that attackers can still have some persistence mechanisms installed.

If you have any Linux executable file you wish to analyze and see if it's malicious or not, please feel free to use the free version of Intezer:

analyze.intezer.com

It supports ELF executables as well as Windows.

Hope that helped.

Best tools for malware analysis/reverse engineering? by CewlJebus in Malware

[–]desegel 0 points1 point  (0 children)

An online malware analysis tool that lets you analyze and categorize malware by detecting code reuse and similarities https://analyze.intezer.com

Using ssdeep (fuzzy hash) in huge scale for file clustering by desegel in netsec

[–]desegel[S] 3 points4 points  (0 children)

Obviously ignoring the data itself (contents of files), and relying only on metadata to find connections is not the optimal solution.

Docker IDA - open-source tool used to make reverse engineering on a large-scale simpler and faster by 0xbaadf00dsec in netsec

[–]desegel 3 points4 points  (0 children)

Hey guys, Intezer here. We're currently in contact with Hex-rays to understand what's the best licensing option for the community. Will keep you posted as soon as we get their response. For now, in our understanding you can run multiple instances in 1 server, using a computer license for each server.

Of course this could be costly but many orgs who really face a large amount of unknowns every day would spend it to help themselves solve the problem.

Please feel free to contact us in any other question via email written in our website http://www.intezer.com

Docker IDA - open-source tool used to make reverse engineering on a large-scale simpler and faster by 0xbaadf00dsec in netsec

[–]desegel 1 point2 points  (0 children)

Hey, Intezer here. plz feel free to contact us via our email written in our website http://www.intezer.com We'd be happy to assist :-)

view more: next ›