Targeted ransomware, also known as human-operated ransomware, poses a significant threat to enterprises. In targeted ransomware attacks, adversaries use various MITRE ATT&CK techniques, such as T1069 — Permission Group Discovery and T1087 — Account Discovery, to learn which permissions are associated with accounts, identify misconfigurations, steal credentials, and so on, before deploying ransomware across the network.

Targeted ransomware differs from auto-propagating ransomware in the following ways:

1. Auto-propagation:

  • Steals credentials, keys, and other authentication tokens from memory, disk, etc., and deploys ransomware on the infected systems
  • Spreads across network-mapped drives to drop and execute ransomware using tools such as WMI, PsExec, PowerShell…

Microsoft’s Detection and Response Team (DART) recently published an article about an internet-facing web server getting infected and an attacker uploading a web shell to perform Active Directory reconnaissance.

Once uploaded to the web server, web shells allow attackers to remotely perform various tasks on the compromised system and move laterally within the network.

When an intruder manages to get a foothold on a domain-joined system, Active Directory by default allows users to execute LDAP queries and perform domain reconnaissance. Domain reconnaissance involves gathering information about users, the locations of critical servers (e.g., Exchange servers, IIS web servers, MSSQL servers, etc.), …

DevOpsSec, or DevSecOps, is the process of integrating security best practices into the development and deployment process. Every organization has its own DevOps methods, and this blog focuses on a few ways to integrate deception into the DevOps cycle to provide internal security monitoring.

Jenkins is one of the most widespread continuous integration (CI) and continuous delivery (CD) solutions used by organizations to perform various build and deployment tasks.

Since Jenkins is such a popular DevOps engine for managing and operating software delivery cycles, it needs access to various credentials, keys, secrets, etc., …

Getting a Foothold in AWS

Adversaries target enterprises running AWS cloud applications in multiple ways to gain a foothold in their cloud environment. This article covers a few of the methods attackers use and how to deploy deception around AWS assets to protect the infrastructure against intruders.

Enterprises have multiple access levels into their cloud environments for deploying and managing cloud infrastructure. Below are some examples of the access levels enterprises provide and how attackers can target each of them to gain a foothold.

Web Tier — attackers can exploit vulnerable applications exposed on ports 80 and 443 to gain a foothold into the…

Venu Vissamsetty
