



CYCLOPS RANSOMWARE AND STEALER COMBO: EXPLORING A DUAL THREAT

Tags: Malware, Threat Intelligence, Endpoint Security, EDR, Threat Research,
XDR, macOS, linux, stealer, ransomware, windows


UPTYCS THREAT RESEARCH

June 05, 2023



In our ongoing efforts to monitor and identify emerging threats on the dark web,
the Uptycs threat research team has recently uncovered a new and alarming
threat. Last time, we came across the notorious RTM Locker ransomware. This time
we’ve stumbled upon a new actor known as the Cyclops threat group. 

The Cyclops group is particularly proud of having created ransomware capable of
infecting all three major platforms: Windows, Linux, and macOS. In an
unprecedented move, it has also shared a separate binary specifically geared to
steal sensitive data, such as the infected computer's name and the number of
running processes. That stealer also targets specific files on both Windows and Linux.


THREAT ATTRIBUTION

Uptycs threat intelligence actively monitors the dark web, where we recently
encountered a new ransomware-as-a-service (RaaS) provider. In addition to
offering ransomware services, this entity also supplies a separate binary for
stealing purposes. 

The threat actor behind this RaaS promotes its offering on forums. There it
requests a share of profits from those engaging in malicious activities using
its malware.



Fig. 1 - Cyclops admin post

 

The threat developer provides a separate panel to facilitate distribution of its
ransomware for the aforementioned three operating systems. 

 

Within the same panel are distinct binaries available for the ancillary stealer
component that is tailored specifically for Linux and Windows.



Fig. 2 - Cyclops admin panel

 

Acting as a sort of bank, the website includes a financial section, offering a
Cyclops attacker the ability to initiate a withdrawal of paid-up ransom amounts.



Fig. 3 - Cyclops payment panel

 

The threat developers are able to promptly address real-time issues and to
provide rewards for valuable suggestions.


RANSOMWARE BINARY ANALYSIS


WINDOWS

After extracting the downloaded archive file obtained from the panel, Uptycs
discovered the presence of the builder binary and a readme.txt file.
Additionally, the threat actor has privately shared a builder ID for creating a
ransom payload named locker.exe. 



Fig. 4 - Generating ransom payload

 

This payload is specifically designed to infect both local and networked
machines. The accompanying text file contains payload execution
instructions—both with and without command line arguments.



Fig. 5 - Ransom payload execution command line

 

The Cyclops ransomware payload is a compiled executable binary targeting the
x64 architecture and built with the VC++ compiler.

The payload scans and identifies processes running on victims’ machines,
immediately terminating any process that could hinder encryption of targeted
files it intends to hold hostage.

 

Such processes include:

xfssvccon.exe synctime.exe ocomm.exe excel.exe wordpad.exe steam.exe
ocautoupds.exe

svc.exe

visio.exe sql.exe notepad.exe dbeng50.exe thunderbird.exe powerpnt.exe mspub.exe
dbsnmp.exe tbirdconfig.exe outlook.exe msaccess.exe agntsvc.exe thebat.exe
onenote.exe vmms.exe TeamViewer.exe vmwp.exe oracle.exe vc.exe
Mydesktopservice.exe ig.exe ocssd.exe firefox.exe sqbcoreservice.exe

Fig. 6 - Termination process list

 

The payload uses the GetLogicalDriveStrings API to retrieve system logical drive
information.



Fig. 7 - Get logical drive information

 

After obtaining the drive letters, it enumerates the folders and drops a ransom
note file named How To Restore Your Files.txt on the disk. Before encrypting any
given file, the payload checks whether the file's extension matches a predefined
exclusion list (figure 8). If it does not, the file is encrypted and a .CYCLOPS
extension is appended, e.g., LICENSE.txt.CYCLOPS.



Fig. 8 - Exclude file extension list

 

The payload obtains shadow copy details from the victim system by executing a
SELECT * FROM Win32_ShadowCopy WMI query. The query output includes information
such as each shadow copy's ID, creation time, volume name, and other details.

Next, the payload deletes each shadow copy identified by its ID; it does so by
running the Windows Management Instrumentation command-line (WMIC) utility via
a command prompt.

DELETE SHADOW COPY COMMAND



cmd.exe /c C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='{<ID>}'"
delete

RANSOM NOTE

 

The ransom note message points to an Onion site where a victim can visit to
potentially recover their encrypted files.


Fig. 9 - Ransom note


LINUX

The Linux binary is a Golang-compiled file whose function names have been
stripped to make reverse engineering difficult. It is CGO-based: the core logic
is written in C and compiled into the Go binary.

On executing the sample, it provides options to encrypt files in a specific
path, virtual machines, or enable verbose output as shown in Figure 10.

Fig. 10 - Linux ransomware arguments

EXCLUDED ENCRYPTION FILES AND FOLDERS

 

Files present in /proc and /boot are not encrypted. Instead, it encrypts files
having extensions such as .vmcx, .vmdk, .vmem, .vmrs, .vmsd, .vmsn, .txt, .csv,
.lock, .pdb and many others.

And it drops a ransom note in every folder it encrypts.



Fig. 11 - Linux ransomware note

 

After encrypting all the files it then generates a report of statistics related
to found files, encrypted files, encrypted error files, time, et al.

Fig. 12 - Report of Cyclops ransomware (Linux) after encryption


ENCRYPTION LOGIC OF WINDOWS AND LINUX

The encryption scheme is complex: all cryptographic functions are statically
implemented in the binary, combining asymmetric and symmetric encryption. Here
is a look at the encryption procedure.

 * There is a call to CryptAcquireContext to acquire the handle of a particular
   key container within the CSP.
 * CryptGenRandom is then called to fill a buffer with 32 cryptographically
   random bytes, the handle obtained in step 1 being passed as a parameter.
   (On Linux, the crypto_rand_batched Golang library function highlighted in
   figure 14 is used to generate the 32 random bytes.)

Fig. 13 - Random number generation in Windows



Fig. 14 - Random number generation in Linux



 * The random bytes are used as the private key in an ECDH key exchange on
   Curve25519.
 * The corresponding public key is derived from that private key through
   Curve25519 and is appended to the end of the encrypted file.
 * A shared/session key is then generated via Curve25519 ECDH from the private
   key of step 2 and the attacker's public key hardcoded in the file. On
   Windows, Curve25519 is statically implemented, making reverse engineering
   difficult; on Linux, the Golang Curve25519 library is used.

Fig. 15 - Curve25519 implementation in Windows


Fig. 16 - Curve25519 ECDH public key (Windows)

Fig. 17 - Curve25519 call in Linux

 

 * A SHA512 hash of the generated shared/session key is computed and used for
   the symmetric encryption. SHA512 is statically implemented, with all of its
   constants hardcoded in the file.


Fig. 18 - SHA512 implementation in Windows

 * The CRC32 of the SHA512 hash is computed and appended at the end of the
   encrypted file. The CRC32 function is also statically implemented with all
   constants contained within the file.

Fig. 19 - Hardcoded CRC32 constants in Windows file


 * The symmetric encryption used here is HC-256 (a stream cipher). It takes the
   first 32 bytes of the generated SHA512 hash as the key and the next 32 bytes
   of that hash as the initialization vector (IV). Figure 20 shows how the key
   and IV are expanded into a 2560-word (0xA00) array.

Fig. 20 - HC-256 algorithm implementation in Windows


 * Linux symmetric encryption uses ChaCha, where the key and IV are derived from
   the generated shared/session key SHA512 hash.

Fig. 21 - ChaCha implementation in Linux

 

 * After encryption, on both Windows and Linux, the public key, the CRC32 and a
   file marker are appended to the end of the file. The marker is used to
   identify whether a file has already been encrypted (so as not to encrypt it
   twice); the Linux file marker is 00ABCDEF, whereas on Windows it is
   000000000000000000000000.

LINUX:



Fig. 22 - Encrypted file contents in Linux

WINDOWS:



Fig. 23 - Encrypted file contents in Windows

 


MACOS

The macOS sample is a Golang-compiled file (like the Linux variant) in the form
of a Mach-O binary (figure 24).



Fig. 24 - Mach-O binary information

 

On executing our sample, it provided options to encrypt files in a specific
path, virtual machines, or enable verbose output (figure 25).



Fig. 25 - Ransom execution command

 

The option chosen for ransom execution places encrypted files in a designated
folder, accompanied by ransom note (How to Restore Your Files.txt) (figure 26).



Fig. 26 - Ransom encrypted folder

 


STEALER BINARY


WINDOWS STEALER

This stealer can be downloaded from the aforementioned master Cyclops panel
(figure 2). After extracting the downloaded archive file, we obtained two files:
stealer.exe and config.json.

The stealer is an executable binary for x64 systems that extracts system
information from targeted machines.

 

OS details, computer name, number of processes, and logon server.

Following that, the stealer reads its config.json file located in the same
directory as its execution. It contains a list of filenames along with
corresponding extensions and sizes.

Fig. 27 - Config.json file

 

Next, the stealer scrutinizes the \system32 directory for the existence of
unidentified files (characterized by randomly generated and excessively long
filenames).

Fig. 28 - Checking for random files in \system32 folder

 

The stealer then enumerates directories and checks for the presence of targeted
files and specific file extensions. If any matches are found, it creates a new,
password-protected zip file (zip file name-n.zip) that includes an exact copy of
the identified file along with its corresponding folder tree structure. The data
is then exfiltrated to the attacker’s server.

Fig. 29 - Collected victim files in temp folder

 

The zip file name-n.zip contains illicitly obtained files from victims’
machines.

Fig. 30 - Inside a zip file

 


LINUX STEALER

This stealer is also obtained from the master Cyclops panel (figure 2). Upon
extracting the archive file obtained from the panel, we again discovered two
files: stealer.linux and config.json. This stealer functionality is similar to
the Windows stealer, with both being Golang-compiled. It starts by reading
config.json located in the same directory as its execution. This file contains a
filename list along with their corresponding extensions and sizes.

Fig. 31 - Configuration file - Linux

 

The stealer enumerates directories and checks for the presence of targeted files
and specific file extensions mentioned in the JSON file. If matches are found,
it creates a new, password-protected zip file (zip file name-n.zip) that
includes an exact copy of the identified file along with its corresponding
folder tree structure inside a /tmp directory.

 

It then uploads the zip files:

 

https[:]//api[.]bayfiles[.]com/upload

https[:]//api[.]anonfiles[.]com/upload

 

The Uptycs team is still working on the stealer component and will be updating
our blog as we get more information.

 


SIMILARITIES WITH BABUK AND LOCKBIT RANSOMWARE


 * Cyclops ransomware encryption logic shares similarities with Babuk
   ransomware: Babuk likewise used Curve25519 and HC-256 for Windows
   encryption, and it also used the combination of Curve25519 and ChaCha.
 * Executable strings are encoded and stored as a stack string in the Cyclops
   ransomware. To use these strings, they’re dynamically decoded through
   computations that involve addition, subtraction, shifting, XORing, et al.
   Such encoding was similarly observed in Lockbit v2.



Fig. 32 - Stack string obfuscation in Cyclops ransomware

 



Fig. 33 - Stack string obfuscation in Lockbit v2 ransomware

 


UPTYCS DETECTION

Given that our platform is armed with YARA process scanning and advanced
detections, Uptycs XDR clients can easily scan for Linux and Macintosh
ransomware.



Fig. 34 - Uptycs detection - macOS/Linux

 

Not to be left out, the Uptycs product is also equipped with specialized alert
detection for Windows ransomware.



Fig. 35 - Uptycs detection - Windows


QUERY TO SCAN FOR MALICIOUS STEALERS

The following queries scan a temporary location to identify a stealer. However,
there is no guarantee that a stealer will be present in the sample location
shown, so you should also scan any suspicious files in locations specific to
your own systems. Note that the Linux query's path pattern '/tmp' contains no
wildcard and so appears to match only that exact path; to scan files inside the
directory, widen the pattern (e.g. '/tmp/%') as the Windows query does.

QUERY – WINDOWS:

> select * from yara where count > 0 and path like
> 'C:\Users\%\AppData\Local\Temp\%%' and rule = 'rule
> Uptycs_Infostealer_Cyclops_windows
> 
> {
> 
> meta:
> 
>      malware_name = "Infostealer"
> 
>      description = "Infostealers are malwares that can steal credentials from
> browsers, FTP clients, email clients etc from victim machines."
> 
>      author = "Uptycs Inc"
> 
>      version = "1"
> 
> 
> 
> 
> 
> strings:    
> 
>      $string_0 = {0F B6 B4 18 EA 01 00 00 40 C0 EE 04 40 0F B6 F6 48 8D 3D ??
> ?? ?? 00 0F B6 34 37 0F 1F 00 48 81 FA 0B 02 00 00 0F 83 ?? ?? 00 00}
> 
>      $string_1 = {44 0F B6 84 18 EA 01 00 00 41 83 E0 0F 41 0F B6 3C 38 48 81
> FE 0B 02 00 00 72 95}
> 
>      $string_2 = {FF D0 48 81 C4 50 01 00 00 59}
> 
>      $string_3 = "GetSystemInfo" ascii wide
> 
>      $string_4 = "GetProcessAffinityMask" ascii wide
> 
>      $string_5 = "GetEnvironmentStrings" ascii wide
> 
>      $string_6 = "GetConsoleMode" ascii wide
> 
>      $string_7 = "math.Vr8NUS" ascii wide
> 
>      $string_8 = "json:\"status\"" ascii wide
> 
> 
> 
> 
> 
> condition:
> 
>      all of them
> 
> }'

 

QUERY - LINUX:

> select * from yara where count > 0 and path like '/tmp' and rule = 'rule
> Uptycs_Infostealer_Cyclops 
> {
>  meta:
>  malware_name = "Infostealer"
>  description = "Infostealers are malwares that can steal credentials from
> browsers, FTP clients, email clients etc from victim machines."
>  author = "Uptycs Inc"
>  version = "1"
> 
> 
>                 // All are moving patterns
> 
> 
>  strings:
>  $Infostealer_Cyclops_0 = {48 81 EC B0 00 00 00 48 89 AC 24 A8 00 00 00 48 8D
> AC 24 A8 00 00 00 48 BA 2F 70 DC 38 93 99 77 CB 48 89 54 24 6C 48 BA D8 1F 8E
> E2 21 03 59 E8 48 89 54 24 74 48 BA 21 03 59 E8 CB 81 2D E4 48 89 54 24 78 48
> BA E6 FC 0D 2D D9 82 66 1D 48 89 94 24 80 00 00 00}
>  $Infostealer_Cyclops_1 = {48 BA 46 87 69 74 E3 8F F8 08 48 89 94 24 88 00 00
> 00 48 BA 73 62 58 40 B0 D3 FC 18 48 89 94 24 90 00 00 00 48 BA 57 FA 61 40 F0
> D4 0D 2B 48 89 94 24 98 00 00 00 48 BA 36 0F 3B 23 74 94 3E B3 48 89 94 24 A0
> 00 00 00 44 0F 11}
>  $Infostealer_Cyclops_2 = {48 BA 64 42 44 53 31 6E 75 39 48 89 54 24 34 48 BA
> 2D 6F 3E 20 2C 2C 39 72 48 89 54 24 3C 48 BA 2C 2C 39 72 65 00 37 46}
>  $Infostealer_Cyclops_3 = {48 BA 6D 75 73 71 7A 6F 4C 20 48 89 54 24 1E 48 BA
> 73 6F 6F 20 72 6F 47 7F 48 89 54 24 26 48 BA 04 01 0F 01 05 08 05 03}
>  $Infostealer_Cyclops_4 = {49 3B 66 10 0F 86 EC 00 00 00 48 83 EC 50 48 89 6C
> 24 48 48 8D 6C 24 48 48 BA 73 54 74 75 63 74 75 7F 48 89 54 24 30 48 BA DF 20
> 6E F2 65 64 01 EB 48 89 54 24 38 48 BA CF 6C FE 49 06 CB F7 3C 48 89 54 24 40
> 48 BA 08 02 15 17 08 01 0F 01 48}
> 
> 
> 
> 
>  condition:
>  all of ($Infostealer_Cyclops*)
> }'

 


CONCLUSION AND PRECAUTIONS

 * Promoting user awareness and education is crucial in preventing successful
   attacks. Users should exercise caution when handling email attachments,
   visiting suspicious websites, or downloading files from untrusted sources.
   Implementing robust email filtering and providing education on phishing
   techniques can effectively mitigate such risks.
 * Perform regular backups of critical data to mitigate the impact of ransomware
   attacks. Your backups should be securely stored and periodically tested to
   ensure data integrity and availability.
 * Regularly updating your security software and conducting system scans can
   help detect and prevent such threats.
 * Transmission of stolen data to an attacker's server highlights the importance
   of network monitoring and intrusion detection systems (IDS). Organizations
   should invest in robust network security measures to identify and block
   suspicious outbound traffic.
 * Organizations should prioritize implementing multi-factor authentication
   (MFA) for critical systems and sensitive data access. MFA adds an extra layer
   of security, making it more challenging for attackers to gain unauthorized
   access by requiring additional authentication factors.




USES OSQUERY

CAROL CALEY

January 30, 2023
Security Hygiene, Threat Management, Endpoint Security, Compliance,
Configuration, Cybersecurity

EVOLUTION OF PASSWORD BEST PRACTICES 2023: ADAPTING TO THE CHANGING LANDSCAPE

JENNIFER LYNN

January 24, 2023
Malware, Threat Research

THE TITAN STEALER: INFAMOUS TELEGRAM MALWARE CAMPAIGN

KARTHICKKUMAR KATHIRESAN

January 23, 2023
Threat Research, Cybersecurity

CVE-2022-41034: VISUAL STUDIO CODE REMOTE CODE EXECUTION VULNERABILITY

ARPIT KATARIA

January 11, 2023
Threat Research, Cybersecurity

TARGETED INFOSTEALER MALWARE CAMPAIGN AFFECTS ITALIAN REGION

UPTYCS THREAT RESEARCH

January 6, 2023
Cloud Security, AWS, Detection, Cloud Identity

DETECTING UNUSUAL AWS SESSIONS UTILIZING TEMPORARY CREDENTIALS (2/2)

ANDRE RALL

December 28, 2022
Cloud Security, AWS, Detection, Cloud Identity

IDENTIFYING ABNORMAL AWS SESSIONS ORIGINATING FROM TEMPORARY CREDENTIALS (1/2)

ANDRE RALL

December 28, 2022
Cloud Security, Cyber Security Strategy, Announcement, Featured

WHY NOT BOTH? UPTYCS CWPP COMBINES AGENT-BASED & AGENTLESS SCANNING FOR
COMPREHENSIVE SECURITY

TYSON SUPASATIT

December 9, 2022
Cloud Security

JACK ROEHRIG: WHY I JOINED UPTYCS

JACK ROEHRIG

December 7, 2022
Cloud Security, Cyber Security Strategy, XDR

FORRESTER PLANNING GUIDE 2023 OVERVIEW: SECURITY & RISK

UPTYCS TEAM

December 2, 2022
AWS, Cybersecurity

AWS RE:INVENT FEATURING DAVID KOREN - UPTYCS HIGHLIGHT SERIES

GABRIELA SILK

November 30, 2022
Cloud Security, Cyber Security Strategy

CDR DETECTION CATEGORIES: UNVEILING WHY THREAT ACTORS DESPISE CLOUD DETECTION &
RESPONSE

ANDRE RALL

November 22, 2022
Cloud Security

CSA SECTEMBER 2022: KEY TECHNOLOGY & SECURITY TRENDS

CAROL CALEY

November 7, 2022
Cloud Security

SUMMARY OF SURVEY FINDINGS: CLOUD SECURITY IN THE FINANCIAL SERVICES SECTOR

UPTYCS

November 5, 2022
Cybersecurity

THE COMPREHENSIVE GUIDE TO AWS RE:INVENT 2022 FOR ATTENDEES

UPTYCS

November 3, 2022
Threat Intelligence, Threat Research

CUSTOMER SECURITY ADVISORY: ADDRESSING OPENSSL BUFFER OVERFLOW VULNERABILITIES
(CVE-2022-3602 & CVE-2022-3786)

JOSH LEMON

November 3, 2022
Kubernetes, Detection, Container Security

UPTYCS ENHANCES THREAT DETECTION CAPABILITIES: SECURING YOUR KUBERNETES
DEPLOYMENTS FROM HACKERS

JEREMY COLVIN

October 24, 2022
Threat Research, Featured

JAVA VULNERABILITY SCANNING & OSQUERY: TEXT4SHELL (CVE-2022-42889) QUERIES

UPTYCS TEAM

October 20, 2022
Integrations, Announcement

UPTYCS PARTNERS WITH PAGERDUTY: STREAMLINING INCIDENT RESPONSE FROM DETECTION TO
RESOLUTION FOR TEAMS

JEREMY COLVIN

October 18, 2022
Kubernetes, Threat Hunting, Kubequery

UPTYCS SPOTLIGHT SERIES: KUBECON WITH SOLOMON MURUNGU

GABRIELA SILK

October 17, 2022
Threat Hunting, Threat Intelligence, Threat Research, Featured

ANALYZING AGENT TESLA MALWARE: UNVEILING WSHRAT AS A DROPPER

UPTYCS THREAT RESEARCH

October 13, 2022
Kubernetes, Cybersecurity

ANTICIPATING KUBECON 2022: EXCITING HIGHLIGHTS ON THE HORIZON

UPTYCS

October 10, 2022
Osquery, Threat Hunting, osquery@scale

UPTYCS SPOTLIGHT SERIES: OSQUERY@SCALE WITH PABLO ARMAS

GABRIELA SILK

September 13, 2022
Osquery, osquery@scale

THE BEST OF OSQUERY@SCALE: DETECTION & INCIDENT RESPONSE

BRIAN THOMAS

September 12, 2022
Osquery, Threat Hunting, osquery@scale

UPTYCS SPOTLIGHT SERIES: OSQUERY@SCALE WITH SAURABH WADHWA

GABRIELA SILK

September 8, 2022
Osquery, osquery@scale

THE BEST OF OSQUERY@SCALE: MONITORING & COMPLIANCE

BRIAN THOMAS

September 6, 2022
Threat Hunting, Threat Intelligence, Threat Research, Featured

ADDITIONAL LINUX RANSOMWARE LIKELY UNDERWAY

UPTYCS THREAT RESEARCH

September 1, 2022
Cloud Security, Cyber Security Strategy

THE CSA'S PANDEMIC 11: TOP CLOUD SECURITY THREATS & WHAT TO DO ABOUT THEM

LAURA KENNER

August 31, 2022
Cloud Security, Cyber Security Strategy, Vulnerability Assessment

RISK POSTURE: ASSESSING & UNDERSTANDING ORGANIZATIONAL RISK IN CYBERSECURITY

GABRIELA SILK

August 25, 2022
Cloud Security

CLOUD NETWORKING: EXPLORING THE FUNDAMENTALS & ADVANTAGES OF CLOUD NETWORK
INFRASTRUCTURE

GABRIELA SILK

August 22, 2022
Threat Hunting, Threat Intelligence, Threat Research

IS TOX THE NEW C&C METHOD FOR COINMINERS?

UPTYCS THREAT RESEARCH

August 19, 2022

THE BEST OF OSQUERY@SCALE: COMPLIANCE & CLOUD GOVERNANCE

JEREMY COLVIN

August 17, 2022
Cloud Security, Announcement, Featured

5 MOTIVATIONS BEHIND MY DECISION TO BECOME CMO AT UPTYCS

ELIAS TERMAN

August 9, 2022
Cloud Security, Vulnerability Assessment, Endpoint Security, Container Security

UPTYCS ENHANCES CAPABILITIES WITH VULNERABILITY MANAGEMENT: EMPOWERING
CONTEXTUAL INSIGHTS & RAPID REMEDIATION

JEREMY COLVIN

August 9, 2022
Osquery, Cloud Security, Cybersecurity

THE BEST OF OSQUERY@SCALE: CLOUD SECURITY EDITION

HARRY HAYWARD

August 4, 2022
Cloud Monitoring, Cloud Security, Cyber Security Strategy

GO BEYOND CSPM TO CLOUD DETECTION & RESPONSE

ANDRE RALL

July 28, 2022
Threat Hunting, Threat Intelligence, Threat Research

QBOT RESURFACES WITH DLL SIDE LOADING TECHNIQUE TO EVADE DETECTION MECHANISMS

UPTYCS THREAT RESEARCH

July 28, 2022
Cloud Security, Announcement, Detection, Featured

DEFENSE IN DEPTH FOR THE CLOUD: THE CRUCIAL ROLE OF CLOUD DETECTION & RESPONSE

TYSON SUPASATIT

July 26, 2022
Cloud Security, Kubernetes, Container Security

THE ADVANTAGES OF USING CONTAINERS

GABRIELA SILK

July 25, 2022
Threat Management, Cybersecurity

DETECTION ENGINEERING: ENHANCING THREAT DETECTION & INCIDENT RESPONSE IN
CYBERSECURITY

LAURA KENNER

July 14, 2022
CI/CD, Kubernetes, Container Security

CONTAINERIZATION IN DEVOPS: STREAMLINING APPLICATION DEPLOYMENT & MANAGEMENT

GABRIELA SILK

July 11, 2022
Uptycs, Cybersecurity

AWS RE:INFORCE 2022: GUIDE FOR VISITORS TO BOSTON

BRIAN THOMAS

July 6, 2022
Threat Hunting, Threat Intelligence, Threat Research

KURAYSTEALER: AN UNSCRUPULOUS ACTOR EXPLOITING DISCORD WEBHOOKS

UPTYCS THREAT RESEARCH

July 1, 2022
Cyber Security Strategy, Cybersecurity

RSA 2022: A FIRST-TIME ATTENDEE'S FIRST IMPRESSIONS & KEY TAKEAWAYS

GABRIELA SILK

June 30, 2022
CI/CD, Kubernetes, Container Security

KUBERNETES PODS VS. NODES: UNDERSTANDING DIFFERENCES & USE CASES

GABRIELA SILK

June 14, 2022
Cloud Security, Cybersecurity

SD-WAN VS. MPLS: COMPARING NETWORK TECHNOLOGIES

GABRIELA SILK

June 14, 2022
Cybersecurity

SANDBOX VR'S REMAINING DEEP DIVE SESSIONS

GABRIELA SILK

June 9, 2022
Cloud Security, Cybersecurity

UPTYCS AT RSA: BOOTH SESSIONS, RAFFLES & SECURITY STRATEGY DAY 3

GABRIELA SILK

June 8, 2022
Threat Hunting, EDR, Threat Research, XDR, Featured

CROSS-PLATFORM EVOLUTION: BLACK BASTA RANSOMWARE EXPANDS TO TARGET ESXI SYSTEMS

UPTYCS THREAT RESEARCH

June 7, 2022
CI/CD, Cloud Security, Kubernetes, Announcement, Compliance, Featured,
Cybersecurity

UPTYCS EXPANDS CNAPP VISION: WHAT LIES AHEAD FOR CLOUD-NATIVE APPLICATION
PROTECTION

TYSON SUPASATIT

June 6, 2022
Cybersecurity

UNVEILING UPTYCS' SPEAKER SESSIONS AT THE RSA CONFERENCE

BRIAN THOMAS

June 1, 2022
Threat Hunting, Threat Intelligence, Threat Research

WARZONERAT EVADES DETECTION WITH PROCESS HOLLOWING TECHNIQUE

UPTYCS THREAT RESEARCH

May 31, 2022
CI/CD, Kubernetes, Announcement, Featured, Container Security

BRIDGING THE GAP WITH DEVOPS TEAMS: ENHANCING CONTAINER PROTECTION THROUGH
KUBERNETES TELEMETRY IN SECURITY ANALYTICS

JEREMY COLVIN

May 26, 2022
Threat Hunting, Threat Intelligence, Threat Management, YARA

CYBER THREAT HUNTING: UNVEILING THE ART OF PROACTIVE CYBERSECURITY

GABRIELA SILK

May 19, 2022
Cloud Security, Cyber Security Strategy, Cybersecurity

NETWORK SEGMENTATION: ENHANCING SECURITY & PERFORMANCE THROUGH SEGREGATED
NETWORKS

GABRIELA SILK

May 13, 2022
Threat Hunting, Threat Intelligence, Threat Research

VULNERABLE DOCKER INSTALLATIONS: MALWARE ATTACK PLAYGROUND

UPTYCS THREAT RESEARCH

May 5, 2022
Cloud Security, Featured

INTRODUCING UPTYCS CLOUD IDENTITY & ENTITLEMENT ANALYTICS

TYSON SUPASATIT

May 4, 2022
Cyber Security Strategy

MAY THE FOURTH BE WITH YOU(R SECURITY): CELEBRATING STAR WARS DAY WITH A
CYBERSECURITY FOCUS

BRIAN THOMAS

May 4, 2022
Threat Research

QUARTERLY THREAT BULLETIN: Q1 OF 2022

UPTYCS THREAT RESEARCH

April 22, 2022
Cloud Security, Endpoint Security, Cybersecurity

LATERAL MOVEMENT: UNDERSTANDING THE TACTICS & IMPLICATIONS IN CYBERSECURITY

GABRIELA SILK

April 15, 2022
Threat Research, Featured

SPRING4SHELL & CVE-2022-22963: ANALYSIS & INVENTORY OF VULNERABLE PACKAGES WITH
UPTYCS

UPTYCS THREAT RESEARCH

April 1, 2022
MITRE ATT&CK

2022 MITRE ATT&CK® EVALUATIONS: SPOTLIGHT ON RANSOMWARE

TYSON SUPASATIT

March 31, 2022
Continuous Monitoring, Cloud Security, Cyber Security Strategy

SECURITY RISKS OF CLOUD COMPUTING: UNDERSTANDING & MITIGATING POTENTIAL THREATS

GABRIELA SILK

March 30, 2022
Threat Hunting, Featured

DIRTYPIPE LINUX EXPLOIT: HOW IT WORKS & HOW TO RESPOND

UPTYCS THREAT RESEARCH

March 10, 2022
Threat Hunting, Endpoint Security

SCAN UP TO 5,000 HOSTS IN LESS THAN 20 MINUTES: A FREE LOG4SHELL ASSESSMENT

JEREMY COLVIN

March 8, 2022
Threat Hunting, Incident Response

DESTRUCTIVE WIPERS: ESSENTIAL INFORMATION & INSIGHTS

UPTYCS THREAT RESEARCH

March 4, 2022
Threat Hunting, Incident Response, Featured

UPTYCS HOW-TO GUIDE: CISA SHIELDS UP

UPTYCS TEAM

March 2, 2022
Continuous Monitoring, Threat Hunting, Incident Response, Featured

CISA SHIELDS-UP: A SWIFT EXAMINATION

UPTYCS TEAM

March 1, 2022
Threat Research

QUARTERLY THREAT BULLETIN: Q4 OF 2021

UPTYCS THREAT RESEARCH

February 25, 2022
Cybersecurity

PREPARING FOR CYBERATTACKS: A GUIDE FOR SMALL AND MEDIUM BUSINESSES

BRIAN THOMAS

February 24, 2022
YARA, EDR

CASE STUDY: DEPLOYING YARA SCANNING AT SCALE FOR ADVANCED ATTACKER DETECTION -
NEW UPTYCS CUSTOMER EXPERIENCE

TYSON SUPASATIT

February 17, 2022
Threat Hunting, Featured, Hot

GROWING TREND OF ATTACKERS USING REGSVR32 UTILITY EXECUTION

UPTYCS THREAT RESEARCH

February 9, 2022
MITRE ATT&CK

WHAT IS MITRE D3FEND & HOW SHOULD MY ORGANIZATION USE IT?

TYSON SUPASATIT

February 3, 2022
Cloud Monitoring

RSA 2022: UPTYCS' MESSAGE

BRIAN THOMAS

January 26, 2022
EDR, XDR, Insight Analytics

EDR VS. XDR: WHAT ARE THE SIMILARITIES & DIFFERENCES?

GABRIELA SILK

January 19, 2022
Cloud Monitoring, Cloud Security

LEVERAGING THE CLOUD TO ENHANCE FORENSIC INVESTIGATIONS: A HOW-TO GUIDE

GABRIELA SILK

January 17, 2022
Threat Hunting, Threat Intelligence, Threat Research

COIN MINING CRYPTOMINER CAMPAIGN TARGETS VMWARE VSPHERE SERVICES

UPTYCS THREAT RESEARCH

January 14, 2022
Threat Hunting

LOG4J 2 CVE-2021-44228: SOLUTION FROM A SOFTWARE ARCHITECT PERSPECTIVE

SESHU PASAM

December 27, 2021
Incident Response, Featured

LOG4J CVE-44228: SCANNING A MILLION HOSTS IN UNDER 30 MINUTES

UMA REDDY

December 21, 2021
Threat Hunting, Threat Research

VULNERABILITY AFTERMATH OF LOG4J: IMPACT & MITIGATION MEASURES

UPTYCS THREAT RESEARCH

December 20, 2021
Threat Hunting

LOG4J REMEDIATION: OSQUERY QUICK REFERENCE GUIDE FOR TABLES & ACTIONS

UPTYCS TEAM

December 13, 2021
Threat Hunting, Featured

LOG4J/LOG4SHELL VULNERABILITY SCANNING & EXPLOIT DETECTION IN UPTYCS OSQUERY

UPTYCS TEAM

December 13, 2021
Threat Hunting, Threat Intelligence, Threat Research

QUARTERLY THREAT BULLETIN: Q3 OF 2021

UPTYCS THREAT RESEARCH

December 11, 2021
Osquery Tutorial, Osquery, SQL, Tech Insights

CONSTRUCTING SQL QUERIES FOR ASSET MANAGEMENT: OSQUERY TUTORIAL

JEREMY COLVIN

November 12, 2021
Cloud Security, Cloud Compliance, Cyber Security Strategy, Compliance,
Cybersecurity

CLOUD SECURITY FRAMEWORK: A COMPREHENSIVE APPROACH TO SAFEGUARDING CLOUD
ENVIRONMENTS

GABRIELA SILK

November 5, 2021
Cloud Monitoring, Cloud Security, Cyber Security Strategy, Tech Insights,
Cybersecurity

SCALABILITY IN CLOUD COMPUTING: EXPLORING THE ABILITY TO EXPAND & ADAPT
RESOURCES EFFORTLESSLY

GABRIELA SILK

October 15, 2021
Threat Intelligence, Threat Management, Threat Research

TEAM TNT DEPLOYS MALICIOUS DOCKER IMAGE ON DOCKER HUB: ANALYSIS & DETECTION WITH
UPTYCS

SIDDHARTH SHARMA

October 7, 2021
Cloud Security, Configuration, Cybersecurity

CLOUD SECURITY POSTURE MANAGEMENT: ENSURING STRONG SECURITY MEASURES IN THE
CLOUD

GABRIELA SILK

October 6, 2021
Threat Hunting, EDR

WHAT'S THE IDEAL VULNERABILITY MANAGEMENT TOOL FOR YOUR ENVIRONMENT?

JEREMY COLVIN

October 1, 2021
Cloud Security, Integrations, Cybersecurity, Container Security

CLOUD NATIVE SECURITY CHECKLIST: ENSURING ROBUST PROTECTION FOR CLOUD
ENVIRONMENTS

GABRIELA SILK

September 22, 2021
Cloud Security, Tech Insights, Cybersecurity

TOP CYBERSECURITY ACCREDITATIONS

GABRIELA SILK

September 17, 2021
Cloud Security, Uptycs

UPTYCS EXPANDS SUPPORT TO INCLUDE AMAZON GRAVITON

RYAN MACK

September 2, 2021
Cloud Security, Threat Hunting

LOLBINS: UNDERSTANDING THE SILENT OPERATIONS OF ATTACKERS

UPTYCS THREAT RESEARCH

September 1, 2021
Compliance, Tech Insights

THE IMPACT OF BIDEN'S EO ON CYBERSECURITY: TRANSFORMING VENDOR RISK MANAGEMENT

KELLEY KIRBY

August 31, 2021
Osquery, Open Source

MAXIMIZING RESOURCE UTILIZATION AT SCALE: OSQUERY OPTIMIZATION TECHNIQUES

JEREMY COLVIN

August 20, 2021
Endpoint Security, EDR, Uptycs, XDR

UPTYCS PROTECT: REVOLUTIONIZING RESPONSE FOR MODERN CSIRT TEAMS

TYSON SUPASATIT

August 10, 2021
Threat Hunting, Threat Research

CRYPTOMINER ELFS EXPLOIT MSR FOR ENHANCED MINING OPERATIONS

UPTYCS THREAT RESEARCH

August 5, 2021
Cloud Security

7 LEADING CONCERNS IN CLOUD SECURITY

BRIAN THOMAS

July 30, 2021
Cyber Security Strategy

IS BIDEN'S EXECUTIVE ORDER A HOLLOW PLAN OR CORNERSTONE FOR PROGRESS?

KELLEY KIRBY

July 28, 2021
Cloud Security

CLOUD WORKLOAD SECURITY BEST PRACTICES: ENSURING ROBUST PROTECTION IN THE CLOUD

BRIAN THOMAS

July 22, 2021
Cloud Security

SECURING THE CLOUD: AN EXAMINATION OF ITS SAFETY MEASURES

BRIAN THOMAS

July 16, 2021
Cloud Security

CLOUD NATIVE: EXPLORING THE MEANING AND BENEFITS OF A MODERN CLOUD PARADIGM

BRIAN THOMAS

July 9, 2021
Threat Hunting, Threat Research

MACOS: BASHED APPLES OF SHLAYER & BUNDLORE

ASHWIN VAMSHI

July 8, 2021
Threat Hunting, Endpoint Security

UNVEILING EVASIVE TECHNIQUES EMPLOYED BY MALICIOUS LINUX SHELL SCRIPTS

UPTYCS THREAT RESEARCH

July 1, 2021
Cloud Security

6 SUGGESTIONS FOR ASSESSING A CLOUD SECURITY SYSTEM

BRIAN THOMAS

June 25, 2021
Cloud Security

6 MUST-HEAR PODCASTS ON CLOUD SECURITY YOU SHOULD FOLLOW

BRIAN THOMAS

June 24, 2021
Cloudquery

BRIDGING CLOUD CYBERSECURITY GAPS: LEVERAGING SELECT * FOR YOUR CLOUD & JOINING
ACROSS THE STACK

TYSON SUPASATIT

June 18, 2021
Cloud Security, Featured

15 ESSENTIAL CYBERSECURITY FILMS FOR CLOUD SECURITY EXPERTS

BRIAN THOMAS

June 15, 2021
Osquery, Cloud Security, Cyber Security Strategy

2021 RSA EVENT SUMMARY REPORT

SUDARSAN KANNAN

June 3, 2021
Threat Research

SIMPS BOTNET UNCOVERED, UNVEILING CONNECTIONS TO KEKSEC GROUP

UPTYCS THREAT RESEARCH

May 17, 2021
Threat Hunting, Endpoint Security

LINUX COMMANDS & UTILITIES COMMONLY USED BY ATTACKERS

PRITAM SALUNKHE

May 7, 2021
Osquery, Threat Management, Endpoint Security

WHEN GATEKEEPER TURNS A BLIND EYE: ALERTING ON THE LATEST MACOS VULNERABILITY

BEN MONTOUR

April 29, 2021
MITRE ATT&CK, Detection, EDR

MEASURABLE DETECTION & RESPONSE: MITRE ENGENUITY’S ATT&CK EVALUATIONS FOR
CARBANAK+FIN7

TYSON SUPASATIT

April 21, 2021

CODE REUSE: MIRAI'S INFLUENCE ON GAFGYT MALWARE

SIDDHARTH SHARMA

April 15, 2021
Malware, Threat Intelligence, Threat Research

EXCEL 4 MACROS DETECTED IN ICEDID CAMPAIGN: ADDING A NEW TWIST

UPTYCS THREAT RESEARCH

April 7, 2021
Osquery, AWS, YARA, Augeas, Container Security

UNVEILING SECRETS: MITIGATING CREDENTIAL LEAKAGE RISK THROUGH AWS ACCESS KEY
INVENTORY

SESHU PASAM

April 1, 2021
Cloud Monitoring, Cloud Security, Cloud Compliance

UNDERSTANDING THE DISTINCTIONS: CASB, CWPP, CSPM & CNAPP IN CLOUD SECURITY

TYSON SUPASATIT

March 23, 2021
Cloud Monitoring, Cloud Security, Workload

CWPP (CLOUD WORKLOAD PROTECTION PLATFORM): ESSENTIAL INFORMATION & INSIGHTS

TYSON SUPASATIT

March 10, 2021
Osquery, AWS, Fargate, Container Security

LEVERAGING UPTYCS & OSQUERY TO FORTIFY SECURITY FOR AWS FARGATE CONTAINERS ON
ECS

SESHU PASAM

March 8, 2021
Osquery, Docker Security, Container Security

USING OSQUERY & UPTYCS TO DETECT DOCKER ESCAPES

ADHOKSHAJ MISHRA

March 1, 2021
Osquery, Endpoint Security, Detection

DETECTING SILVER SPARROW MACOS MALWARE USING UPTYCS

BEN MONTOUR

February 25, 2021
EDR, Threat Research

MALICIOUS DOCUMENT TECHNIQUES, TARGETS & ATTACKS: EMERGING TRENDS

UPTYCS THREAT RESEARCH

February 11, 2021
Osquery, Container Security

INITIATING CONTAINER SECURITY WITH OSQUERY: A BEGINNER'S GUIDE

RYAN MACK

February 8, 2021
Osquery, Cloud Monitoring, Cloud Security, Cloudquery

STREAMLINE CLOUD MONITORING WITH CLOUDQUERY & OSQUERY FOR ENHANCED SIMPLICITY

AMOL PATIL

February 3, 2021
Threat Hunting, Vulnerability Assessment, Threat Management, EDR

DETECTING SUDO LOCAL PRIVILEGE ESCALATION (CVE-2021-3156) WITH OSQUERY & UPTYCS

AMIT MALIK

January 29, 2021
Osquery, Kubernetes, Orchestration, Kubequery, Container Security

KUBEQUERY: EMPOWERING KUBERNETES CLUSTERS WITH THE CAPABILITY OF OSQUERY

SESHU PASAM

January 29, 2021

EXPLORING LATERAL MOVEMENT CORRELATION IN UPTYCS EDR

AMIT MALIK

January 28, 2021
Osquery

EXPLORING THE FUTURE OF OSQUERY: A CONVERSATION WITH ENTERPRISE SECURITY WEEKLY

TYSON SUPASATIT

January 21, 2021
Osquery, AWS

YOU SHOULD BE USING AWS IMDSV2: HERE’S WHY & HOW TO DO IT

SESHU PASAM

January 19, 2021
Cloud Monitoring, Cloud Security

ENHANCING CLOUD SECURITY POSTURE THROUGH CONTINUOUS MONITORING OF CLOUD
INFRASTRUCTURE

TYSON SUPASATIT

January 13, 2021
Threat Research

WARZONE RAT DEPLOYED BY CONFUCIUS APT

UPTYCS THREAT RESEARCH

January 12, 2021
Threat Management, Detection, EDR, Threat Research, Incident Response

TARGETING USERS IN SOUTH AMERICA: REVENGE RAT

ABHIJIT MOHANTA

December 29, 2020
Osquery, Incident Investigation, Detection, EDR

USING OSQUERY & UPTYCS TO DETECT THE SOLARWINDS SUPPLY CHAIN ATTACK

AMIT MALIK

December 17, 2020
Osquery Tutorial, Osquery, Incident Investigation, Threat Hunting, Threat
Intelligence, Security Analytics, Endpoint Security, SQL, Telemetry

OSQUERY: WHAT IT IS, HOW IT WORKS & HOW TO USE IT

MARK KNOWLES

December 8, 2020
Osquery Tutorial, Osquery, Compliance

ENFORCING IT COMPLIANCE WITH OSQUERY: MONITORING THIRD-PARTY SYSTEM EXTENSIONS

ERIC KAISER

December 3, 2020
Vulnerability Assessment, Threat Management, Threat Research

WARZONE RAT UNLEASHES UAC BYPASS TECHNIQUE

ABHIJIT MOHANTA

November 25, 2020
Endpoint Security, MITRE ATT&CK, Detection, EDR

UPTYCS EDR FOR LINUX: DETECTION & VISIBILITY ALL THE WAY THROUGH

AMIT MALIK

November 17, 2020
Incident Investigation, Endpoint Security, MITRE ATT&CK, Detection

FAST, CONSOLIDATED, & CONTEXT-RICH DETECTIONS FROM UPTYCS WILL KEEP SECURITY
ANALYSTS SANE

TYSON SUPASATIT

November 11, 2020
Osquery Tutorial, Osquery, Configuration, Augeas, Container Security

HARNESSING THE POWER OF AUGEAS WITH OSQUERY: UNLOCKING ACCESS TO CONFIGURATION
FILES ACROSS NUMEROUS APPLICATIONS

RYAN MACK

October 13, 2020
Osquery Tutorial, Osquery, User Security

VERIFYING DISK ENCRYPTION ON MAC, LINUX, AND WINDOWS: OSQUERY TUTORIAL

JUSTIN MITZIMBERG

September 15, 2020
Osquery Tutorial, Osquery

OSQUERY TUTORIAL: EVALUATING CHROME EXTENSION PERMISSIONS

GUILLAUME ROSS

August 17, 2020
Vulnerability Assessment, Threat Management, Endpoint Security, Cybersecurity

UTILIZING UPTYCS' AUDIT & DETECTION FEATURES FOR BOOTHOLE REMEDIATION

SESHU PASAM

August 7, 2020
Osquery, Data, Telemetry, Automation, Orchestration

INTEGRATED SECURITY PROGRAMS: THE 4 PILLARS

UPTYCS

August 3, 2020
Osquery Tutorial, Osquery, Compliance

COLLECTING SOFTWARE INVENTORY INFORMATION: OSQUERY TUTORIAL

GUILLAUME ROSS

July 23, 2020
Osquery, Threat Management, Endpoint Security, User Security, SQL

HANDLING THE CRITICAL REMOTE CODE EXECUTION VULNERABILITY IN WINDOWS DNS SERVER:
CVE-2020-1350

JUSTIN MITZIMBERG

July 16, 2020
Osquery, Compliance, SQL, YARA, Cybersecurity

3 EFFECTIVE METHODS OSQUERY ASSISTS IN SECURITY COMPLIANCE

MAC SLOCUM

July 13, 2020
Osquery, Goquery, Remote Investigation

ACCELERATING & SECURING REMOTE INVESTIGATIONS WITH GOQUERY & UPTYCS

CARL VINCENT

June 23, 2020
Osquery, Cloud Security, Security Analytics, Announcement, Uptycs

UPTYCS ANNOUNCES SERIES B FUNDING

GANESH PAI

June 17, 2020
Malware, Open Source, Threat Hunting, Threat Intelligence, Endpoint Security

OSQUERY & JA3: DETECTING MALICIOUS ENCRYPTED CONNECTIONS LOCALLY

GUILLAUME ROSS

June 2, 2020
Osquery, Cloud Compliance, Endpoint Security, AWS

LEVERAGING AWS NITRO ARCHITECTURE FOR KUBERNETES: ENCRYPTING INTER-NODE TRAFFIC

JULIAN WAYTE

May 7, 2020
Osquery, Cybersecurity

UNDERSTANDING SOC 2 COMPLIANCE REQUIREMENTS: KEY KNOWLEDGE FOR SECURITY AUDITS

AMBER PICOTTE

May 5, 2020
Osquery Tutorial, Threat Intelligence, Endpoint Security

MACOS BUNDLORE: EXAMINING POTENTIAL NEW CODE WITHIN OLD ADWARE

AMIT MALIK

April 14, 2020
Osquery, Cloud Monitoring, Docker Security, Container Security

USING OSQUERY TO DETECT DOCKER CONTAINER MALWARE

AMIT MALIK

April 13, 2020
Docker Security

8 DOCKER SECURITY BEST PRACTICES: OPTIMIZING YOUR CONTAINER ENVIRONMENT

AMBER PICOTTE

April 10, 2020
Allowlist

UTILIZING ANOMALY DETECTION FOR APPLICATION ALLOWLISTING

PAT HALEY

April 2, 2020
Endpoint Security

5 BEST PRACTICES FOR OPTIMIZING YOUR SECURITY WITH ENDPOINT VISIBILITY

PAT HALEY

March 31, 2020
Threat Intelligence, Security Analytics, Endpoint Security

CONSIDERING NEWLY REGISTERED DOMAINS FOR BLOCKLISTING: AN ANALYSIS

AMIT MALIK

March 24, 2020
Endpoint Security

HOW TO ACHIEVE PCI-COMPLIANT FIM & ENDPOINT SECURITY WITH ONE TOOL

PAT HALEY

March 10, 2020
Endpoint Security, User Security

THE IMPORTANCE OF EMBRACING USER-FOCUSED SECURITY: ENHANCING PROTECTION &
EMPOWERING USERS

AMBER PICOTTE

February 18, 2020
Osquery Tutorial, Osquery, Endpoint Security

WINDOWS OSQUERY DEPLOYMENT VIA GPO (GROUP POLICY OBJECTS): A STEP-BY-STEP GUIDE

GUILLAUME ROSS

February 13, 2020
Cloud Security

CLOUD COMPUTING: TOP INTRUSION DETECTION TECHNIQUES

AMBER PICOTTE

February 6, 2020
Endpoint Security

21 TOP INFRASTRUCTURE SECURITY LINUX RESOURCES

AMBER PICOTTE

February 4, 2020
