cissp | Unsorted

Telegram channel cissp - cissp


@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
+also group: https://t.me/cisspgroup
@alirezaghahrood


cissp

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7266047094073774080-ZrH3?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Analytics
Threat Research
2023 Top Routinely Exploited Vulnerabilities

Special Thanks❤️😇👍🏽🙏
CISA Alumni Group,…

-Secure Business Continuity-
2024.11.22
——————————————————
#CyberSecurity #vCISO #Vulnerability
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_top-vulnerabilities-2023-activity-7265654191891628032-ypUk?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

tools
DFIR
ETW Forensics
Why use Event Tracing for Windows over EventLog
https://blogs.jpcert.or.jp/en/2024/11/etw_forensics.html
ETW Scanner for Volatility3

Special Thanks❤️😇👍🏽🙏
朝長 秀誠
@Shusei Tomonaga

-Secure Business Continuity-
2024.11.15
——————————————————
#CyberSecurity #vCISO #CSIRT #Malware #Event
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7263277845647409154-dhAI?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

KernelSecurity
Redefining Security Boundaries: Unveiling Hypervisor Backed Security Features For Windows Security 2024

Special Thanks❤️😇👍🏽🙏
Connor McGarr
SANS Institute

-Secure Business Continuity-
2024.11.09
——————————————————
#Hardening #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_redefining-security-boundaries-2024-activity-7260911792611098625-HNgG?utm_source=share&utm_medium=member_ios


cissp

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-patch-vulnerability-activity-7259108718925991936-RM0K?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Research
HardwareSecurity
Hardware Designs for Secure Microarchitectures 2023.

Special Thanks❤️😇👍🏽🙏
Dr.-Ing. Jan Philipp Thoma

-Secure Business Continuity-
2024.10.30
——————————————————
#CWE #Incident #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_hardware-security-activity-7257224637728579584-6mCO?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Infographics
Malware Analysis
Ransomware Ecosystem Map, version 27 (2024)
https://github.com/cert-orangecyberdefense/ransomware_map

Special Thanks❤️😇👍🏽🙏
Marine P.

-Secure Business Continuity-
2024.10.27
——————————————————
#CyberSecurity #vCISO #Pentest #OWASP
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_malware-analysis-2024-activity-7256551819470925824-F5Tl?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

On the occasion of the first anniversary of our young and specialized startup, "Diyako Secure Bow," which operates in the field of cybersecurity, I would like to express my sincere appreciation to all the team members and colleagues who have walked with us on this challenging journey.❤️

A special thanks to the colleagues in customer relationship management as AM Team, Project control as PMO Team, Finance as Accounting and Tax Team, and the technical and engineering teams as CISO as a Service Team (vCISO), whose tireless efforts have played a crucial role in our success.🙏

I am also deeply grateful to the board members and senior managers for their invaluable support and trust in our decision-making.🤝

Moreover, I would like to extend my heartfelt thanks to all friends and colleagues in the cybersecurity community, who have worked closely with us, and to our partner companies, whose close cooperation has guided us along the right path.✌️

I also express my gratitude 2 the Defense Organization, the Strategic Cybersecurity Center of the Presidency (AFTA), the Cyber Police (FATA), and other official authorities 4 their support and endorsement in consulting and securing critical IT, OT infrastructures.✊🏽

Finally, I thank all those, both friends and competitors, who have taught us that the path we have chosen, based on patriotism, integrity, and professionalism, is challenging but clear.😎🤓

The 26-member family of Diyako Secure Bow, standing with you to build a Secure Digital future.🥳

+ I would also like to extend my deep gratitude to the CEOs, Chief Security Officers, Information Security Managers, SOC Managers, Cyber Incident Responders, Technology, Infrastructure, Network, Development, Planning, Industrial Automation, and …, along with all the specialists in our client base, who have placed their trust in us. This trust has enabled us to deliver exceptional and tailored services, including technical and systemic cybersecurity audits, risk management and compliance oversight (GRC), secure network design, customized training, optimization of cyber defense controls, cyber drills, data leak monitoring (ASM), and various other solutions under vCISO.🤜🤛🏻

Thank you for your confidence and collaboration, allowing us to demonstrate our true value and take meaningful steps together toward enhancing cybersecurity.

-Secure Business Continuity-
2024.10.24
——————————————————
#CyberSecurity #vCISO
#SecureBusinessContinuity


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Analytics
Red Canary Threat Detection Report:
Techniques, Trends, & Takeaways 2024.

Special Thanks❤️😇👍🏽🙏
Red Canary

-Secure Business Continuity-
2024.10.15
——————————————————
#SecurityReport #attackchain #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_redcanary-tdr-2024-activity-7251802308009762816-nEMy?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Analytics
SCADA Security
SANS 2024 State of ICS/OT Cybersecurity October 2024.

Special Thanks❤️😇👍🏽🙏
SANS Institute
SANS ICS

-Secure Business Continuity-
2024.10.10
——————————————————
#SCADA #ICS #OT #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_ics-ot-cybersecurity-2024-activity-7250123124417957888-d0bC?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Threat Research
DRAY BREAK
Breaking Into DrayTek Routers Before Threat Actors Do It Again 2024.

Special Thanks❤️😇👍🏽🙏
Forescout Technologies Inc.

-Secure Business Continuity-
2024.10.06
——————————————————
#Threat #Router #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_drag-break-2024-activity-7248592527765757952-ehmp?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Whitepaper
Blue Team Techniques
Detecting and mitigating Active Directory compromises 2024:

Introduction
This guidance – authored by the Australian Signals Directorate (ASD), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) – aims to inform organisations about 17 common techniques used to target Active Directory as observed by the authoring agencies. This guidance provides an overview of each technique and how it can be leveraged by malicious actors, as well as recommended strategies to mitigate these techniques. By implementing the recommendations in this guidance, organisations can significantly improve their Active Directory security, and therefore their overall network security, to prevent intrusions by malicious actors.

Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise information technology (IT) networks globally. Active Directory provides multiple services, including Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS). These services provide multiple authentication options, including smart card logon, as well as single sign-on with on-premises and cloud-based services.

Active Directory’s pivotal role in authentication and authorisation makes it a valuable target for malicious actors. It is routinely targeted as part of malicious activity on enterprise IT networks. Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues. These issues are commonly exploited by malicious actors to compromise Active Directory.

Special Thanks❤️😇👍🏽🙏
Australian Signals Directorate
@australian cyber security center
Cybersecurity and Infrastructure Security Agency
@canadian centre for cyber security
National Security Agency
National Cyber Security Centre

-Secure Business Continuity-
2024.09.27
——————————————————
#CISA #NIST #MicrosoftSecurity #CyberSecurity #AD
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_ciso-as-a-service-activity-7245519345785688065-ofwH?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

A Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
A SOC acts like the hub or central command post, taking in telemetry from across an organization's IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources. Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how they will be managed and acted upon.

10 key functions performed by the SOC:
1. Take Stock of Available Resources
How The SOC Protects
The SOC should also have a complete understanding of all cybersecurity tools on hand and all workflows in use within the SOC. This increases agility and allows the SOC to run at peak efficiency.
2. Preparation and Preventative Maintenance
Preparation
Preventative Maintenance
3. Continuous Proactive Monitoring
4. Alert Ranking and Management
5. Threat Response
These are the actions most people think of when they think of the SOC. As soon as an incident is confirmed, the SOC acts as first responder, performing actions like shutting down or isolating endpoints, terminating harmful processes (or preventing them from executing), deleting files, and more. The goal is to respond to the extent necessary while having as small an impact on business continuity as possible.
6. Recovery and Remediation
7. Log Management
8. Root Cause Investigation
9. Security Refinement and Improvement
Cybercriminals are constantly refining their tools and tactics—and in order to stay ahead of them, the SOC needs to implement improvements on a continuous basis. During this step, the plans outlined in the Security Road Map come to life, but this refinement can also include hands-on practices such as red-teaming and purple-teaming.
10. Compliance Management
Many of the SOC’s processes are guided by established best practices, but some are governed by compliance requirements. The SOC is responsible for regularly auditing their systems to ensure compliance with such regulations, which may be issued by their organization, by their industry, or by governing bodies. Examples of these regulations include GDPR, HIPAA, and PCI DSS. Acting in accordance with these regulations not only helps safeguard the sensitive data that the company has been entrusted with—it can also shield the organization from reputational damage and legal challenges resulting from a breach.

Special Thanks❤️😇👍🏽🙏
Trellix

-Secure Business Continuity-
2024.09.25
——————————————————
#CyberSecurity #SOC #CSIRT #ASM #TTP #IR #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-soc-activity-7244670207393157120-Wv21?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

The Importance of Industrial Cybersecurity
As enterprises invest heavily in digital transformation, industrial cybersecurity will increasingly serve as a critical enabler for safely and securely advancing business goals through technological innovation.
Advancing connectivity and digitalization of operational technology (OT) provides significant benefits to the business, including:
• increased automation,
• improved process efficiency,
• better asset utilization, and
• enhanced telemetry of machinery for business forecasting and equipment maintainability.

But when the cyber risks of this connectivity aren’t addressed in tandem with innovation, the benefits can be diminished by heightened impact from security incidents.
The previous year offered up dramatic examples of the types of critical infrastructure risks that are exacerbated by the absence of effective OT cybersecurity preparation. The industrial world has seen electric power plants at risk from vulnerable information technology (IT) remote administration tools, and disruptive cyber attacks against water treatment facilities and natural gas pipelines.
This is a pivotal time for boards of directors and their executive teams—led by guidance from CISOs and risk executives—to start aligning appropriate risk management with operational innovation.

Special Thanks❤️😇👍🏽🙏


-Secure Business Continuity-
2024.09.21
——————————————————
#CyberSecurity #IIOT #OT #ICS
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_industrial-cybersecurity-4-ce0ciso-activity-7243155703085838336-IK90?utm_source=share&utm_medium=member_ios


cissp

https://www.linkedin.com/posts/alirezaghahrood_%F0%9D%97%99%F0%9D%97%BF%F0%9D%97%B2%F0%9D%97%B2-%F0%9D%97%A6%F0%9D%97%9C%F0%9D%97%98%F0%9D%97%A0-%F0%9D%97%A7%F0%9D%97%BF%F0%9D%97%AE%F0%9D%97%B6%F0%9D%97%BB%F0%9D%97%B6%F0%9D%97%BB%F0%9D%97%B4%F0%9D%98%80-%F0%9D%9F%AE%F0%9D%9F%AC-activity-7242834767447023616-AMnf?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Infographics
The DoD Cybersecurity Policy Chart,
October 2024.
https://csiac.org/resources/the-dod-cybersecurity-policy-chart

Special Thanks❤️😇👍🏽🙏
United States Department of Defense

-Secure Business Continuity-
2024.11.22
——————————————————
#CyberSecurity #vCISO #Dod
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_2024-dod-cyber-security-activity-7265656460599021568-U-Vn?utm_source=share&utm_medium=member_ios


cissp

https://www.linkedin.com/posts/alirezaghahrood_afyaeyaecaeuaevaepaexaecaeiaesaey-aepaebaesaewaexaepaet-activity-7264162055115460609-RNnH?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Analytics
2024 State of Threat and Exposure Management Report

Special Thanks❤️😇👍🏽🙏
NopSec

-Secure Business Continuity-
2024.11.09
——————————————————
#Mitre #Attack #CVE #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_state-threat-exp-report-2024-activity-7260913892095119360-tsNV?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Here are a few reasons why organizations might perform or have a vulnerability assessment performed:
*To find and identify vulnerabilities using scanners specifically designed for this type of testing.
*To discover and identify vulnerabilities that may be difficult or unique to the organization.
*To find and identify vulnerabilities resulting from a misconfiguration.
*To find and identify permissive security settings and whether least privilege is in place.
*If a vulnerability is discovered, to determine the viability of the attack vector.
*To assess potential business and operational impact.
*To test in-place security tools, operations, and controls to determine the ability of the organization to detect, defend, and counterattack.

^In remediation, the discovered issue is resolved. This means a patch or upgrade was put in place or a procedure was updated to prevent an attack.

^In mitigation, whatever is discovered is not or cannot be resolved. To bring the threat down to a more manageable level, tighter compensating security controls are put in place around it. An example might include older systems that cannot be replaced either because the manufacturer no longer supports them or a significant financial investment would have to be made; this is common in manufacturing. To mitigate the situation, systems might be placed in their own segment of the network and firewalled off with no internet or remote access.

^Verification: The verification phase is quite straightforward. It is just checking to ensure actions taken by IT resolve the discovered issue either through remediation or mitigation.

Special Thanks❤️😇👍🏽🙏
Tenable
-Nessus Professional
-Nessus Expert

-Secure Business Continuity-
2024.11.04
——————————————————
#Patch #Vulnerability #CyberSecurity #vCISO
#SecureBusinessContinuity


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Threat Research
The CTI Research Guide: Curated Intelligence 2024.

Special Thanks❤️😇👍🏽🙏
Curated Intelligence

-Secure Business Continuity-
2024.10.31
——————————————————
#Threat #CTI #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_cti-2024-activity-7257701114333020160-BKHJ?


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

DFIR
Analytics
Cybersecurity incident disclosures: A 13-year review October 2024.

Special Thanks❤️😇👍🏽🙏
Ideagen

-Secure Business Continuity-
2024.10.30
——————————————————
#CWE #Incident #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_2024-cybersec-incident-disclosures-activity-7257213939204149248-Ti63?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

tools
Offensive Security
Vulnhuntr - tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis
https://github.com/protectai/vulnhuntr
// World's first autonomous AI-discovered 0-day vulnerabilities

-Secure Business Continuity-
2024.10.26
——————————————————
#CyberSecurity #vCISO #Pentest #OWASP
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7255859686476763136--90v?utm_source=share&utm_medium=member_ios


cissp

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-vciso-activity-7255282974860951552-3C9Z?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Analytics
2024 Dependency Management Report.

Special Thanks❤️😇👍🏽🙏
Endor Labs

-Secure Business Continuity-
2024.10.15
——————————————————
#CWE #Vulnerability #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_dependency-report-2024-activity-7251800101097021440-luKK?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Infographics DevOps, AppSec
DevSecOps Reference Architecture 2024.

Special Thanks❤️😇👍🏽🙏

-Secure Business Continuity-
2024.10.10
——————————————————
#SecDevOps #Appsec #DevSecOps #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_devsecops-2024-arch-activity-7249904836211597312-4FWd?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

IoT Security
The EMB3D Threat Model for Embedded Devices Sept. 2024.
https://emb3d.mitre.org

Special Thanks❤️😇👍🏽🙏
MITRE

-Secure Business Continuity-
2024.10.06
——————————————————
#Mitre #Attack #CyberSecurity #vCISO
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mitre-map-2024-activity-7248588598533378048--f1f?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Human Risk Management (HRM):
In the evolving landscape of cybersecurity, traditional defenses like firewalls, encryption, and intrusion detection systems are no longer sufficient on their own. As cyber threats grow more sophisticated, attackers increasingly exploit the weakest link: human behavior. This has given rise to a new paradigm in cybersecurity—Human Risk Management (HRM).

HRM focuses on managing and mitigating risks that stem from human actions, whether intentional or accidental. Unlike traditional security approaches that primarily focus on technical controls, HRM recognizes that employees, partners, and even customers can be exploited through phishing attacks, social engineering, or simple human error. With cybercriminals often targeting individuals rather than systems, understanding and addressing the human factor has become essential.

Key Components of HRM
Security Awareness Training: The cornerstone of HRM is continuous education. Employees need to be trained not just once but regularly, ensuring they understand the latest threats and how to respond appropriately.
Behavioral Analytics: HRM uses tools to analyze user behavior, identifying potential risks such as unusual access patterns, abnormal downloads, or inconsistent login times that could indicate compromised accounts.
Cultural Change: Cybersecurity isn't just an IT issue; it's a company-wide concern. HRM promotes a culture of security where every employee is vigilant and understands their role in protecting the organization.
Incident Response and Reporting: Encouraging a quick and transparent reporting culture is key. Employees need to feel safe reporting suspicious activities or mistakes, allowing the organization to respond swiftly before threats escalate.
Tailored Policies: Different roles within an organization carry different levels of risk. HRM customizes security policies to reflect the unique vulnerabilities associated with each role, ensuring a more targeted approach to risk mitigation.

Why HRM Matters
The rise of remote work, cloud computing, and increasingly sophisticated phishing tactics has made human risk a critical focus for organizations. HRM helps bridge the gap between technology and human behavior, creating a more holistic and resilient defense strategy.
By treating humans as a core component of the cybersecurity ecosystem—rather than the weakest link—HRM represents the new frontier in building a robust and adaptive defense against modern cyber threats. Organizations that implement HRM not only improve their security posture but also foster a proactive and security-conscious workforce, reducing the likelihood of breaches and data loss.

Special Thanks❤️😇👍🏽🙏
Infosec
Keatron Evans

-Secure Business Continuity-
2024.09.26
——————————————————
#SecurityAwareness #Phishing #SE #simulation #BCP #Risk
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-securityawareness-phishing-activity-7245020235555127296-NzqS?utm_source=share&utm_medium=member_ios


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

A Guide to Building a Secure SDLC
Which Scanning Tools Should I look at, and where do they go?

Special Thanks❤️😇👍🏽🙏
@Matt Brown


-Secure Business Continuity-
2024.09.21
——————————————————
#CyberSecurity #ApplicationSecurity #SDLC #RASP
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_guide-4-secure-sdlc-activity-7243162284502507520-YsJz?utm_source=share&utm_medium=member_ios


cissp

Free SIEM Trainings 2024

General
📎Windows Logging Basics:
https://lnkd.in/grKYFQzJ
📎Jose Bravo - What is a SIEM? (5 Videos):
https://lnkd.in/gc2UDpeD
📎PowerSIEM Analyzing Sysmon Events with PowerShell:
https://lnkd.in/g_8Eq8vm

QRadar
https://lnkd.in/gd7V_4pe
📎QRadar 101:
https://lnkd.in/esbz2RjK
📎QRadar SIEM Foundation:
https://lnkd.in/es8NAdAw
📎Ariel Query Language Guide: https://lnkd.in/eAMKy25q

Splunk
📎Course Catalog :
https://lnkd.in/ekm6RekE
📎Basic Searching:
https://lnkd.in/gygnTMfD
📎Practical Splunk - Zero to Hero : https://lnkd.in/ePF_3PWj
📎Splunk Use Cases:
https://lnkd.in/eJ4CTNV2
📎Exploring Splunk:
https://lnkd.in/e8gVvMuu

Microsoft Sentinel
📎What is Microsoft Sentinel: https://lnkd.in/gdB7dAdU
📎Microsoft Sentinel Level 400 training :
https://lnkd.in/ezDkpWmx
📎SOC 101:
https://lnkd.in/evnF6kNm

FortiSIEM:
https://lnkd.in/e5TvYZYt

AlienVault OSSIM
📎Cybrary - AlienVault OSSIM: https://lnkd.in/gRZAansT

Elastic - SIEM
📎Fundamentals:
https://lnkd.in/gYNYs9vS

ArcSight
📎Paul Brettle - What is Series: https://lnkd.in/gh5ruPZt
📎Paul Brettle - ArcSight ESM 101: https://lnkd.in/gS33AJdk
📎ArcSight Tutorial:
https://lnkd.in/guEydy_U

M SureLogSIEM Training
📎Training (English):
https://lnkd.in/eAnAYDWJ
📎Training PDF:
https://lnkd.in/eXYFmqqV
📎User Guide PDF:
https://lnkd.in/e4HqkexW

LogSign
📎Training:
https://lnkd.in/eXnjymv6


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.09.20


cissp

#DiyakoSecureBow
————————————
CISO as A Service (vCISO)

Whitepaper
Malware analysis
The EV Code Signature Market for eCrime 2024.

The EV Code Signature Market for eCrime:
• Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity.
• This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate certificates.
• The cybercrime market for EV certificates offers a wide range of services, including various certificate authorities and delivery methods.
• To obtain code signing certificates, resellers can register new companies, impersonate existing ones, or acquire them through theft.
Introduction

Code signing is a technology that allows software developers to attach a digital signature to their programs, proving that the code is authentic and has not been tampered with. Malicious actors exploit code signing to bypass security measures, gain administrative privileges, and enhance user trust by using legitimate-seeming certificates.
The cybercrime market for code signing certificates mainly focuses on EV certificates, with prices ranging from $2000 to $6000. The resellers can either register a new company or impersonate an existing company to get a valid certificate from a certificate authority.
Malware campaigns, such as QakBot and Grandoreiro, have used valid EV code signing certificates obtained through company impersonation or exploiting closed companies. Code signing certificates can also be obtained through theft, as seen in incidents like the theft of NVIDIA's code signing certificates by the Lapsus$ extortion group in early 2022.

Special Thanks❤️😇👍🏽🙏
Intrinsec

-Secure Business Continuity-
2024.09.17
——————————————————
#CyberSecurity #ThreatIntelligence
#SecureBusinessContinuity

https://www.linkedin.com/posts/diyako-secure-bow_cyber-threat-intelligence-2024-activity-7241890551652925441-8nGV?utm_source=share&utm_medium=member_ios
