DomainTools https://www.domaintools.com/authors/joe-slowik Innovative, Practical Advice to Improve your Cybersecurity Posture en-US https://wordpress.org/?v=6.7.2

Leaping Down a Rabbit Hole of Fraud and Misdirection https://www.domaintools.com/resources/blog/leaping-down-a-rabbit-hole-of-fraud-and-misdirection/ Thu, 29 Apr 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/leaping-down-a-rabbit-hole-of-fraud-and-misdirection/ Joe Slowik identifies a methodology for uncovering likely campaigns and defensive advice to prevent BEC.

An Undersea Royal Road: Exploring Malicious Documents and Associated Malware https://www.domaintools.com/resources/blog/an-undersea-royal-road-exploring-malicious-documents-and-associated-malware/ Thu, 22 Apr 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/an-undersea-royal-road-exploring-malicious-documents-and-associated-malware/ DomainTools researchers have identified a phishing campaign targeting underwater research and weapon development organizations in the Russian Federation.

COVID-19 Phishing With a Side of Cobalt Strike https://www.domaintools.com/resources/blog/covid-19-phishing-with-a-side-of-cobalt-strike/ Thu, 01 Apr 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/covid-19-phishing-with-a-side-of-cobalt-strike/ Senior Security Researcher, Joe Slowik, analyzes an intrusion with COVID-19 themed lures actively targeting Vietnamese entities from late 2020 through early 2021.

Examining Exchange Exploitation and its Lessons for Defenders https://www.domaintools.com/resources/blog/examining-exchange-exploitation-and-its-lessons-for-defenders/ Wed, 10 Mar 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/examining-exchange-exploitation-and-its-lessons-for-defenders/ Insight on the rapid expansion in Microsoft Exchange exploitation and potential recourse in order for defenders to reduce the likelihood of intrusion.

Centreon to Exim and Back: On the Trail of Sandworm https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/ Wed, 03 Mar 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/centreon-to-exim-and-back-on-the-trail-of-sandworm/ Learn how to more accurately disposition and prosecute intrusions with the background knowledge to appropriately categorize and understand identified intrusions.

The Continuous Conundrum of Cloud Atlas https://www.domaintools.com/resources/blog/the-continuous-conundrum-of-cloud-atlas/ Thu, 25 Feb 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/the-continuous-conundrum-of-cloud-atlas/ DomainTools researchers have identified persistent activity linked to previous analysis of initial access activity associated with an entity referred to as Cloud Atlas.

Visibility, Monitoring, and Critical Infrastructure Security https://www.domaintools.com/resources/blog/visibility-monitoring-and-critical-infrastructure-security/ Thu, 11 Feb 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/visibility-monitoring-and-critical-infrastructure-security/ Joe Slowik provides an overview of the Oldsmar incident and delivers defensive countermeasures and attack surface reduction recommendations.

Change in Perspective on the Utility of SUNBURST-Related Network Indicators https://www.domaintools.com/resources/blog/change-in-perspective-on-the-utility-of-sunburst-related-network-indicators/ Fri, 22 Jan 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/change-in-perspective-on-the-utility-of-sunburst-related-network-indicators/ Learn how organizations can defend against SUNBURST-like attacks by shifting their approach from external analysis to internal enrichment.

The Devil’s in the Details: SUNBURST Attribution https://www.domaintools.com/resources/blog/the-devils-in-the-details-sunburst-attribution/ Thu, 14 Jan 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/the-devils-in-the-details-sunburst-attribution/ Senior Security Researcher Joe Slowik outlines the attribution process, working to identify the threat actors responsible for the recent Solorigate activity.

Holiday Bazar: Tracking a TrickBot-Related Ransomware Incident https://www.domaintools.com/resources/blog/tracking-a-trickbot-related-ransomware-incident/ Wed, 06 Jan 2021 00:00:00 +0000 51 DomainTools Research https://domaintools.wpengine.com/holiday-bazar-tracking-a-trickbot-related-ransomware-incident/ DomainTools researchers recently learned of a ransomware campaign targeting multiple entities. The incident highlighted several methods of network and malware analysis th
