March 6, 2025 Key Takeaways During the period covered by the Black Basta leaked chat logs (18 September 2023 – 28 September 2024), we observed the following We observed at least 47 cryptocurrency wa…
January 15, 2025 In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints.
Ivanti CSA Investigation/Detection Details October 9, 2024 Authors: Rui Ataide, Andrew Nelson, and Hermes Bojaxhi GuidePoint Security has recently been engaged on several incidents related to f…
June 20, 2024 TL;DR: Compromise of an SCCM administrator account can easily lead to compromise of every machine managed by SCCM.
March 8, 2024 Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast released a decr…
August 3, 2023 Introduction Across the cybersecurity community, defenders are constantly finding threat actors using novel and innovative techniques to further their exploitation efforts against targe…
December 1, 2022 What if you could no longer trust the critical process values displayed on your HMI screen? Executive Summary When operating an Industrial Control System (ICS), the operator relies on…
Overview On February 11, 2019, security researchers Adam Iwaniuk and Borys Popławski responsibly disclosed a vulnerability in Runc, the standard utility for spawning and running containers in Docker,…
Overview On December 19th, 2018 Microsoft released a zero-day patch for a vulnerability that impacted multiple Internet Explorer versions within all platforms.
Overview This SPOT Report contains information on the latest vulnerability found in the Cisco ASA firewall, Cisco switches, and Cisco routers alongside the coupling ASA virtual appliances and Cisco Fi…
Overview A zero-day flaw has been released by Trend Micro’s Zero Day Initiative (ZDI) team involving an out-of-bounds write in the Microsoft JET Database Engine.
Overview On March 6th, 2018, a security researcher by the name of Meh Chang of Devcore, a Taiwanese security consulting firm, published a remote code execution vulnerability that is present in the mai…
