Ryan Robinson, Author at Intezer

Detection Rules for Lightning Framework (and How to Make Them With Osquery)

On 21 July, 2022, we released a blog post about a new malware called Lightning Framework. Lightning is a modular malware framework...


Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware ⚡

Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has modular plugins and the ability to install rootkits. Year...


New Conversation Hijacking Campaign Delivering IcedID

This post describes the technical analysis of a new campaign detected by Intezer’s research team, which initiates attacks with a phishing email...


Boost Your SOC Skills: How to Detect Good Apps Gone Bad

Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...


Make your First Malware Honeypot in Under 20 Minutes

For a free honeypot, you can use one of the several open-source options listed below. Intezer Protect users with an upgraded account...


New SysJoker Backdoor Targets Windows, Linux, and macOS

Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...


Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...


Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike

Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratchLinux malware is fully undetected by vendorsHas IoC and...


How to Detect Cobalt Strike

Cobalt Strike is a penetration testing tool created by Raphael Mudge in 2012. To this day, it remains extremely popular both in...


New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...


Global Phishing Campaign Targets Energy Sector and its Suppliers

Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...


Klingon RAT Holding on for Dear Life

With more malware written in Golang than ever before, the threat from Go-based Remote Access Trojans (RATs) has never been higher. Not only...

New: Connect Microsoft Defender with Intezer's Autonomous SOC solutionNew: Connect Microsoft Defender with Intezer's Autonomous SOC solution Learn more
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt