www.uptycs.com
2606:2c40::c73c:67e2
URL:
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
Submission: On June 07 via api from TR — Scanned from DE
Form analysis
1 form found in the DOM — POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802
<!-- Review: captured HubSpot embed form. It submits cross-origin to forms.hsforms.com and targets the hidden iframe named in target=, so the embedding page never receives the response document. -->
<form id="hsForm_0492e7b1-c029-4110-8042-598f482d9802_4771" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2617658/0492e7b1-c029-4110-8042-598f482d9802"
class="hs-form-private hsForm_0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802 hs-form-0492e7b1-c029-4110-8042-598f482d9802_4cb5ae38-56a0-4450-b688-89ab5211d6a4 hs-form stacked hs-custom-form"
target="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_4771" data-instance-id="4cb5ae38-56a0-4450-b688-89ab5211d6a4" data-form-id="0492e7b1-c029-4110-8042-598f482d9802" data-portal-id="2617658" data-hs-cf-bound="true">
<!-- Review: the <label> contains only an empty <span>, so the field's only visible hint is the input placeholder; placeholder is not a valid attribute on <label>. -->
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-0492e7b1-c029-4110-8042-598f482d9802_4771" class="" placeholder="Enter your " for="email-0492e7b1-c029-4110-8042-598f482d9802_4771"><span></span></label>
<!-- Review: <legend> is only valid as the first child of a <fieldset>; here it sits directly in a <div>. -->
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-0492e7b1-c029-4110-8042-598f482d9802_4771" name="email" required="" placeholder="your_name@email.com*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
<!-- Review: hs_context is a client-visible hidden field. Its JSON carries the analytics cookie values (hutk, __hstc, __hssc), the browser user agent and page metadata, and the _debug_* entries repeat the same identifiers; the browser submits all of it with the email address. Nothing in a hidden input is private to the server. -->
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1686103805925","formDefinitionUpdatedAt":"1683658686977","lang":"en","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36","pageTitle":"Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat","pageUrl":"https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo","pageId":"118749292421","isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo","contentType":"blog-post","hutk":"03b570e98d97ba53f6e491c3e591468d","__hsfp":78086756,"__hssc":"26386402.1.1686103806431","__hstc":"26386402.03b570e98d97ba53f6e491c3e591468d.1686103806430.1686103806430.1686103806430.1","formTarget":"#hs_form_target_form_683470893","formInstanceId":"4771","rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"f5f6967922511719d6cffb2ca3d3beb5","pageName":"Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat","locale":"en","timestamp":1686103806443,"originalEmbedContext":{"portalId":"2617658","formId":"0492e7b1-c029-4110-8042-598f482d9802","region":"na1","target":"#hs_form_target_form_683470893","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"4771","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"Thanks for submitting the form.","isMobileResponsive":true,"rawInlineMessage":"Thanks for submitting the form.","hsFormKey":"f5f6967922511719d6cffb2ca3d3beb5","pageName":"Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat","pageId":"118749292421","contentType":"blog-post","formData":{"cssClass":"hs-form stacked 
hs-custom-form"},"isCMSModuleEmbed":true},"correlationId":"4cb5ae38-56a0-4450-b688-89ab5211d6a4","renderedFieldsIds":["email"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.3300","sourceName":"forms-embed","sourceVersion":"1.3300","sourceVersionMajor":"1","sourceVersionMinor":"3300","_debug_allPageIds":{"embedContextPageId":"118749292421","analyticsPageId":"118749292421","pageContextPageId":"118749292421"},"_debug_embedLogLines":[{"clientTimestamp":1686103806000,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"getExtraMetaDataBeforeSubmit\"]"},{"clientTimestamp":1686103806002,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat\",\"pageUrl\":\"https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36\",\"pageId\":\"118749292421\",\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1686103806003,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1686103806437,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"03b570e98d97ba53f6e491c3e591468d\",\"canonicalUrl\":\"https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo\",\"contentType\":\"blog-post\",\"pageId\":\"118749292421\"}"}]}"><iframe
name="target_iframe_0492e7b1-c029-4110-8042-598f482d9802_4771" style="display: none;"></iframe>
</form>
Text Content
RESOURCES * All Resources * All Blogs * All Events RESOURCES Uptycs Live - The Golden Thread: Correlating Attacks from Laptops to Cloud All Resources BLOG RTM Locker Ransomware as a Service (RaaS) Now Suits Up for Linux Architecture All Blogs EVENTS Gartner Security & Risk Management Summit June 5-7 All Events * Company UPTYCS Discover Uptycs' groundbreaking approach to tackling modern security challenges, uniting teams, and connecting insights across your attack surface for unparalleled protection. ABOUT US * Overview * Careers * Security Practices IN THE NEWS Uptycs Achieves AWS Security Competency Status Contact Us All Press and News Contact Us Request a demo CYCLOPS RANSOMWARE AND STEALER COMBO: EXPLORING A DUAL THREAT Tags: Malware, Threat Intelligence, Endpoint Security, EDR, Threat Research, XDR, macOS, linux, stealer, ransomware, windows UPTYCS THREAT RESEARCH June 05, 2023 Share: * * * * In our ongoing efforts to monitor and identify emerging threats on the dark web, the Uptycs threat research team has recently uncovered a new and alarming threat. Last time, we came across the notorious RTM Locker ransomware. This time we’ve stumbled upon a new actor known as the Cyclops threat group. The Cyclops group is particularly proud of having created ransomware capable of infecting all three major platforms: Windows, Linux, and macOS. In an unprecedented move, it has also shared a separate binary specifically geared to steal sensitive data, such as an infected computer name and a number of processes. The latter targets specific files in both Windows and Linux. THREAT ATTRIBUTION Uptycs threat intelligence actively monitors the dark web, where we recently encountered a new ransomware-as-a-service (RaaS) provider. In addition to offering ransomware services, this entity also supplies a separate binary for stealing purposes. The threat actor behind this RaaS promotes its offering on forums. 
There it requests a share of profits from those engaging in malicious activities using its malware. Fig. 1 - Cyclops admin post The threat developer provides a separate panel to facilitate distribution of its ransomware for the aforementioned three operating systems. Within the same panel are distinct binaries available for the ancillary stealer component that is tailored specifically for Linux and Windows. Fig. 2 - Cyclops admin panel Acting as a sort of bank, the website includes a financial section, offering a Cyclops attacker the ability to initiate a withdrawal of paid-up ransom amounts. Fig. 3 - Cyclops payment panel The threat developers are able to promptly address real-time issues and to provide rewards for valuable suggestions. RANSOMWARE BINARY ANALYSIS WINDOWS After extracting the downloaded archive file obtained from the panel, Uptycs discovered the presence of the builder binary and a readme.txt file. Additionally, the threat actor has privately shared a builder ID for creating a ransom payload named locker.exe. Fig. 4 - Generating ransom payload This payload is specifically designed to infect both local and networked machines. The accompanying text file contains payload execution instructions—both with and without command line arguments. Fig. 5 - Ransom payload execution command line The Cyclops ransomware payload is a compiled executable binary specifically aimed for x64-bit architecture using the VC++ compiler. The payload scans and identifies processes running on victims’ machines, immediately terminating any process that could hinder encryption of targeted files it intends to hold hostage. 
Such processes include: xfssvccon.exe synctime.exe ocomm.exe excel.exe wordpad.exe steam.exe ocautoupds.exe svc.exe visio.exe sql.exe notepad.exe dbeng50.exe thunderbird.exe powerpnt.exe mspub.exe dbsnmp.exe tbirdconfig.exe outlook.exe msaccess.exe agntsvc.exe thebat.exe onenote.exe vmms.exe TeamViewer.exe vmwp.exe oracle.exe vc.exe Mydesktopservice.exe ig.exe ocssd.exe firefox.exe sqbcoreservice.exe Fig. 6 - Termination process list The payload uses the GetLogicalDriveStrings API to retrieve system logical drive information. Fig. 7 - Get logical drive information After obtaining drive letters, it enumerates the folders and drops a ransom note file named, How To Restore Your Files.txt on the disk. Before encrypting any given file, the payload checks if its file extension matches a predefined list (figure 8). If not, the file gets encrypted and a .CYCLOPS extension is appended, e.g., LICENSE.txt.CYCLOPS. Fig. 8 - Exclude file extension list An attacker obtains shadow copy details from a victim system by executing a SELECT * FROM Win32_ShadowCopy query. Query output includes information such as each shadow copy ID, creation time, volume name, and other relevant details. Next the payload initiates deletion of a specific shadow copy identified by its ID; it does so by executing the Windows Management Instrumentation command line (WMIC) utility via a command prompt. DELETE SHADOW COPY COMMAND cmd.exe /c C:\Windows\System32\wbem\WMIC.exe shadow copy where "ID='{<ID>}'" delete RANSOM NOTE The ransom note message points to an Onion site where a victim can visit to potentially recover their encrypted files. Fig. 9 - Ransom note LINUX The Linux binary is a Golang-compiled file, where its function names are stripped to make reverse engineering difficult. It’s CGO-based, where the source code is written in C and built on Golang. On executing the sample, it provides options to encrypt files in a specific path, virtual machines, or enable verbose output as shown in Figure 10. 
Fig. 10 - Linux ransomware arguments EXCLUDED ENCRYPTION FILES AND FOLDERS Files present in /proc and /boot are not encrypted. Rather, it encrypts files having extensions .vmcx, .vmdk, .vmem, .vmrs, .vmsd, .vmsn, .txt, .csv, .lock, .pdb and many others. And it drops a ransom note in every folder it encrypts. Fig. 11 - Linux ransomware note After encrypting all the files it then generates a report of statistics related to found files, encrypted files, encrypted error files, time, et al. Fig. 12 - Report of Cyclops ransomware (Linux) after encryption ENCRYPTION LOGIC OF WINDOWS AND LINUX The encryption is complex; all functions are statically implemented using a combination of asymmetric and symmetric encryptions. Here is a look at the encryption procedure. * There is a call to CryptAcquireContext to acquire the handle of a particular key container within CSP. * CryptGenRandom is then called to fill a buffer with a cryptographically random 32 bytes, the handle obtained in step 1 being passed as a parameter. (In Linux, the crypto_rand_batched Golang library highlighted in figure 14 is used to generate 32 random bytes.) Fig. 13 - Random number generation in Windows Fig. 14 - Random number generation in Linux * The random bytes are used as a private key during the ECDH algorithm on Curve25519. * The private key is now used to generate the public key through Curve25519, which is appended at the end of the encrypted file. * A shared key/session key in ECDH is now generated through Curve25519, using the private key from step 2 and the attacker's public key hardcoded in the file. In Windows, Curve25519 encryption is statically implemented, making reverse engineering difficult. Golang library Curve25519 is used in Linux. Fig. 15 - Curve25519 implementation in Windows Fig. 16 - Curve25519 ECDH public key (Windows) Fig. 17 - Curve25519 call in Linux * The generated shared/session key SHA512 hash is calculated and used during symmetric encryption. 
It’s statically implemented, with all file constants being hardcoded. Fig. 18 - SHA512 implementation in Windows * The CRC32 of the SHA512 hash is computed and appended at the end of the encrypted file. The CRC32 function is also statically implemented with all constants contained within the file. Fig. 19 - Hardcoded CRC32 constants in Windows file * The symmetric encryption used here is HC-256 (a stream cipher). It takes the first 32 bytes of the generated SHA512 hash as the key and the next 32 bytes of the same hash as the initialization vector (IV). Figure 20 shows how the key and IV are expanded to a 2560-word (0xA00) array. Fig. 20 - HC-256 algorithm implementation in Windows * Linux symmetric encryption uses ChaCha, where the key and IV are derived from the generated shared/session key SHA512 hash. Fig. 21 - ChaCha implementation in Linux * After encryption in both Windows and Linux, the public key, CRC32 and a file marker are appended to the end of the file. Used to identify if the file has already been encrypted (so as not to repeat encryption), the Linux file marker is 00ABCDEF, whereas in Windows it’s 000000000000000000000000. LINUX: Fig. 22 - Encrypted file contents in Linux WINDOWS: Fig. 23 - Encrypted file contents in Windows MACOS The macOS sample is a Golang-compiled file (same as the Linux variant) and is in the form of a Mach-O binary (figure 24). Fig. 24 - Mach-O binary information On executing our sample, it provided options to encrypt files in a specific path, virtual machines, or enable verbose output (figure 25). Fig. 25 - Ransom execution command The option chosen for ransom execution places encrypted files in a designated folder, accompanied by a ransom note (How to Restore Your Files.txt) (figure 26). Fig. 26 - Ransom encrypted folder STEALER BINARY WINDOWS STEALER This stealer can be downloaded from the aforementioned master Cyclops panel (figure 2). After extracting the downloaded archive file, we obtained two files: stealer.exe and config.json. 
The stealer is an executable binary for x64 systems that extracts system information from targeted machines. OS details Computer name Number of processes Logon server Following that, the stealer reads its config.json file located in the same directory as its execution. It contains a list of filenames along with corresponding extensions and sizes. Fig. 27 - Config.json file Next the stealer scrutinizes the \system32 directory for the existence of unidentified files, (characterized by randomly generated and excessively long filenames). Fig. 28 - Checking for random files in \system32 folder The stealer then enumerates directories and checks for the presence of targeted files and specific file extensions. If any matches are found, it creates a new, password-protected zip file (zip file name-n.zip) that includes an exact copy of the identified file along with its corresponding folder tree structure. The data is then exfiltrated to the attacker’s server. Fig. 29 - Collected victim files in temp folder The zip file name-n.zip contains illicitly obtained files from victims’ machines. Fig. 30 - Inside a zip file LINUX STEALER This stealer is also obtained from the master Cyclops panel (figure 2). Upon extracting the archive file obtained from the panel, we again discovered two files: stealer.linux and config.json. This stealer functionality is similar to the Windows stealer, with both being Golang-compiled. It starts by reading config.json located in the same directory as its execution. This file contains a filename list along with their corresponding extensions and sizes. Fig. 31 - Configuration file - Linux The stealer enumerates directories and checks for the presence of targeted files and specific file extensions mentioned in the JSON file. If matches are found, it creates a new, password-protected zip file (zip file name-n.zip) that includes an exact copy of the identified file along with its corresponding folder tree structure inside a /tmp directory. 
It then uploads the zip files: https[:]//api[.]bayfiles[.]com/upload https[:]//api[.]anonfiles[.]com/upload The Uptycs team is still working on the stealer component and will be updating our blog as we get more information. SIMILARITIES WITH BABUK AND LOCKBIT RANSOMWARE * Cyclops ransomware encryption logic shares similarities with Babuk ransomware. Like Cyclops, the latter also used Curve25519 and HC-256 for Windows encryption. And again like Cyclops, Babuk uses the combination of Curve25519 and ChaCha. * Executable strings are encoded and stored as a stack string in the Cyclops ransomware. To use these strings, they’re dynamically decoded through computations that involve addition, subtraction, shifting, XORing, et al. Such encoding was similarly observed in Lockbit v2. Fig. 32 - Stack string obfuscation in Cyclops ransomware Fig. 33 - Stack string obfuscation in Lockbit v2 ransomware UPTYCS DETECTION Given that our platform is armed with YARA process scanning and advanced detections, Uptycs XDR clients can easily scan for Linux and Macintosh ransomware. Fig. 34 - Uptycs detection - macOS/Linux Not to be left out, the Uptycs product is also equipped with specialized alert detection for Windows ransomware. Fig. 35 - Uptycs detection - Windows QUERY TO SCAN FOR MALICIOUS STEALERS The following query scans a temporary location to identify a stealer. However, there is no guarantee that a stealer will be present in the sample location shown. Therefore, you should scan any suspicious files based on your own system location. QUERY – WINDOWS: > select * from yara where count > 0 and path like > 'C:\Users\%\AppData\Local\Temp\%%' and rule = 'rule > Uptycs_Infostealer_Cyclops_windows > > { > > meta: > > malware_name = "Infostealer" > > description = "Infostealers are malwares that can steal credentials from > browsers, FTP clients, email clients etc from victim machines." 
> > author = "Uptycs Inc" > > version = "1" > > > > > > strings: > > $string_0 = {0F B6 B4 18 EA 01 00 00 40 C0 EE 04 40 0F B6 F6 48 8D 3D ?? > ?? ?? 00 0F B6 34 37 0F 1F 00 48 81 FA 0B 02 00 00 0F 83 ?? ?? 00 00} > > $string_1 = {44 0F B6 84 18 EA 01 00 00 41 83 E0 0F 41 0F B6 3C 38 48 81 > FE 0B 02 00 00 72 95} > > $string_2 = {FF D0 48 81 C4 50 01 00 00 59} > > $string_3 = "GetSystemInfo" ascii wide > > $string_4 = "GetProcessAffinityMask" ascii wide > > $string_5 = "GetEnvironmentStrings" ascii wide > > $string_6 = "GetConsoleMode" ascii wide > > $string_7 = "math.Vr8NUS" ascii wide > > $string_8 = "json:\"status\"" ascii wide > > > > > > condition: > > all of them > > }' QUERY - LINUX: > select * from yara where count > 0 and path like '/tmp' and rule = 'rule > Uptycs_Infostealer_Cyclops > { > meta: > malware_name = "Infostealer" > description = "Infostealers are malwares that can steal credentials from > browsers, FTP clients, email clients etc from victim machines." > author = "Uptycs Inc" > version = "1" > > > // All are moving patterns > > > strings: > $Infostealer_Cyclops_0 = {48 81 EC B0 00 00 00 48 89 AC 24 A8 00 00 00 48 8D > AC 24 A8 00 00 00 48 BA 2F 70 DC 38 93 99 77 CB 48 89 54 24 6C 48 BA D8 1F 8E > E2 21 03 59 E8 48 89 54 24 74 48 BA 21 03 59 E8 CB 81 2D E4 48 89 54 24 78 48 > BA E6 FC 0D 2D D9 82 66 1D 48 89 94 24 80 00 00 00} > $Infostealer_Cyclops_1 = {48 BA 46 87 69 74 E3 8F F8 08 48 89 94 24 88 00 00 > 00 48 BA 73 62 58 40 B0 D3 FC 18 48 89 94 24 90 00 00 00 48 BA 57 FA 61 40 F0 > D4 0D 2B 48 89 94 24 98 00 00 00 48 BA 36 0F 3B 23 74 94 3E B3 48 89 94 24 A0 > 00 00 00 44 0F 11} > $Infostealer_Cyclops_2 = {48 BA 64 42 44 53 31 6E 75 39 48 89 54 24 34 48 BA > 2D 6F 3E 20 2C 2C 39 72 48 89 54 24 3C 48 BA 2C 2C 39 72 65 00 37 46} > $Infostealer_Cyclops_3 = {48 BA 6D 75 73 71 7A 6F 4C 20 48 89 54 24 1E 48 BA > 73 6F 6F 20 72 6F 47 7F 48 89 54 24 26 48 BA 04 01 0F 01 05 08 05 03} > $Infostealer_Cyclops_4 = {49 3B 66 10 0F 86 EC 00 00 00 48 83 EC 
50 48 89 6C > 24 48 48 8D 6C 24 48 48 BA 73 54 74 75 63 74 75 7F 48 89 54 24 30 48 BA DF 20 > 6E F2 65 64 01 EB 48 89 54 24 38 48 BA CF 6C FE 49 06 CB F7 3C 48 89 54 24 40 > 48 BA 08 02 15 17 08 01 0F 01 48} > > > > > condition: > all of ($Infostealer_Cyclops*) > }' CONCLUSION AND PRECAUTIONS * Promoting user awareness and education is crucial in preventing successful attacks. Users should exercise caution when handling email attachments, visiting suspicious websites, or downloading files from untrusted sources. Implementing robust email filtering and providing education on phishing techniques can effectively mitigate such risks. * Perform regular backups of critical data to mitigate the impact of ransomware attacks. Your backups should be securely stored and periodically tested to ensure data integrity and availability. * Regularly updating your security software and conducting system scans can help detect and prevent such threats. * Transmission of stolen data to an attacker's server highlights the importance of network monitoring and intrusion detection systems (IDS). Organizations should invest in robust network security measures to identify and block suspicious outbound traffic. * Organizations should prioritize implementing multi-factor authentication (MFA) for critical systems and sensitive data access. MFA adds an extra layer of security, making it more challenging for attackers to gain unauthorized access by requiring additional authentication factors. RELATED POSTS Malware, Threat Intelligence, Endpoint Security, EDR, Threat Research, XDR, macOS, linux, stealer, ransomware, windows CYCLOPS RANSOMWARE AND STEALER COMBO: EXPLORING A DUAL THREAT UPTYCS THREAT RESEARCH June 5, 2023 Cybersecurity, Cloud Threat Detection, XDR vs CDR, Threat Detection, Cloud Environment, XDR vs EDR, CDR vs EDR, XDR vs EDR vs CDR, EDR vs XDR XDR VS EDR VS CDR: WHAT’S THE DIFFERENCE? 
UPTYCS THREAT RESEARCH August 19, 2022 THE BEST OF OSQUERY@SCALE: COMPLIANCE & CLOUD GOVERNANCE JEREMY COLVIN August 17, 2022 Cloud Security, Announcement, Featured 5 MOTIVATIONS BEHIND MY DECISION TO BECOME CMO AT UPTYCS ELIAS TERMAN August 9, 2022 Cloud Security, Vulnerability Assessment, Endpoint Security, Container Security UPTYCS ENHANCES CAPABILITIES WITH VULNERABILITY MANAGEMENT: EMPOWERING CONTEXTUAL INSIGHTS & RAPID REMEDIATION JEREMY COLVIN August 9, 2022 Osquery, Cloud Security, Cybersecurity THE BEST OF OSQUERY@SCALE: CLOUD SECURITY EDITION HARRY HAYWARD August 4, 2022 Cloud Monitoring, Cloud Security, Cyber Security Strategy GO BEYOND CSPM TO CLOUD DETECTION & RESPONSE ANDRE RALL July 28, 2022 Threat Hunting, Threat Intelligence, Threat Research QBOT RESURFACES WITH DLL SIDE LOADING TECHNIQUE TO EVADE DETECTION MECHANISMS UPTYCS THREAT RESEARCH July 28, 2022 Cloud Security, Announcement, Detection, Featured DEFENSE IN DEPTH FOR THE CLOUD: THE CRUCIAL ROLE OF CLOUD DETECTION & RESPONSE TYSON SUPASATIT July 26, 2022 Cloud Security, Kubernetes, Container Security THE ADVANTAGES OF USING CONTAINERS GABRIELA SILK July 25, 2022 Threat Management, Cybersecurity DETECTION ENGINEERING: ENHANCING THREAT DETECTION & INCIDENT RESPONSE IN CYBERSECURITY LAURA KENNER July 14, 2022 CI/CD, Kubernetes, Container Security CONTAINERIZATION IN DEVOPS: STREAMLINING APPLICATION DEPLOYMENT & MANAGEMENT GABRIELA SILK July 11, 2022 Uptycs, Cybersecurity AWS RE:INFORCE 2022: GUIDE FOR VISITORS TO BOSTON BRIAN THOMAS July 6, 2022 Threat Hunting, Threat Intelligence, Threat Research KURAYSTEALER: AN UNSCRUPULOUS ACTOR EXPLOITING DISCORD WEBHOOKS UPTYCS THREAT RESEARCH July 1, 2022 Cyber Security Strategy, Cybersecurity RSA 2022: A FIRST-TIME ATTENDEE'S FIRST IMPRESSIONS & KEY TAKEAWAYS GABRIELA SILK June 30, 2022 CI/CD, Kubernetes, Container Security KUBERNETES PODS VS. 
NODES: UNDERSTANDING DIFFERENCES & USE CASES GABRIELA SILK June 14, 2022 Cloud Security, Cybersecurity SD-WAN VS. MPLS: COMPARING NETWORK TECHNOLOGIES GABRIELA SILK June 14, 2022 Cybersecurity SANDBOX VR'S REMAINING DEEP DIVE SESSIONS GABRIELA SILK June 9, 2022 Cloud Security, Cybersecurity UPTYCS AT RSA: BOOTH SESSIONS, RAFFLES & SECURITY STRATEGY DAY 3 GABRIELA SILK June 8, 2022 Threat Hunting, EDR, Threat Research, XDR, Featured CROSS-PLATFORM EVOLUTION: BLACK BASTA RANSOMWARE EXPANDS TO TARGET ESXI SYSTEMS UPTYCS THREAT RESEARCH June 7, 2022 CI/CD, Cloud Security, Kubernetes, Announcement, Compliance, Featured, Cybersecurity UPTYCS EXPANDS CNAPP VISION: WHAT LIES AHEAD FOR CLOUD-NATIVE APPLICATION PROTECTION TYSON SUPASATIT June 6, 2022 Cybersecurity UNVEILING UPTYCS' SPEAKER SESSIONS AT THE RSA CONFERENCE BRIAN THOMAS June 1, 2022 Threat Hunting, Threat Intelligence, Threat Research WARZONERAT EVADES DETECTION WITH PROCESS HOLLOWING TECHNIQUE UPTYCS THREAT RESEARCH May 31, 2022 CI/CD, Kubernetes, Announcement, Featured, Container Security BRIDGING THE GAP WITH DEVOPS TEAMS: ENHANCING CONTAINER PROTECTION THROUGH KUBERNETES TELEMETRY IN SECURITY ANALYTICS JEREMY COLVIN May 26, 2022 Threat Hunting, Threat Intelligence, Threat Management, YARA CYBER THREAT HUNTING: UNVEILING THE ART OF PROACTIVE CYBERSECURITY GABRIELA SILK May 19, 2022 Cloud Security, Cyber Security Strategy, Cybersecurity NETWORK SEGMENTATION: ENHANCING SECURITY & PERFORMANCE THROUGH SEGREGATED NETWORKS GABRIELA SILK May 13, 2022 Threat Hunting, Threat Intelligence, Threat Research VULNERABLE DOCKER INSTALLATIONS: MALWARE ATTACK PLAYGROUND UPTYCS THREAT RESEARCH May 5, 2022 Cloud Security, Featured INTRODUCING UPTYCS CLOUD IDENTITY & ENTITLEMENT ANALYTICS TYSON SUPASATIT May 4, 2022 Cyber Security Strategy MAY THE FOURTH BE WITH YOU(R SECURITY): CELEBRATING STAR WARS DAY WITH A CYBERSECURITY FOCUS BRIAN THOMAS May 4, 2022 Threat Research QUARTERLY THREAT BULLETIN: Q1 OF 2022 UPTYCS THREAT 
RESEARCH April 22, 2022 Cloud Security, Endpoint Security, Cybersecurity LATERAL MOVEMENT: UNDERSTANDING THE TACTICS & IMPLICATIONS IN CYBERSECURITY GABRIELA SILK April 15, 2022 Threat Research, Featured SPRING4SHELL & CVE-2022-22963: ANALYSIS & INVENTORY OF VULNERABLE PACKAGES WITH UPTYCS UPTYCS THREAT RESEARCH April 1, 2022 MITRE ATT&CK 2022 MITRE ATT&CK® EVALUATIONS: SPOTLIGHT ON RANSOMWARE TYSON SUPASATIT March 31, 2022 Continuous Monitoring, Cloud Security, Cyber Security Strategy SECURITY RISKS OF CLOUD COMPUTING: UNDERSTANDING & MITIGATING POTENTIAL THREATS GABRIELA SILK March 30, 2022 Threat Hunting, Featured DIRTYPIPE LINUX EXPLOIT: HOW IT WORKS & HOW TO RESPOND UPTYCS THREAT RESEARCH March 10, 2022 Threat Hunting, Endpoint Security SCAN UP TO 5,000 HOSTS IN LESS THAN 20 MINUTES: A FREE LOG4SHELL ASSESSMENT JEREMY COLVIN March 8, 2022 Threat Hunting, Incident Response DESTRUCTIVE WIPERS: ESSENTIAL INFORMATION & INSIGHTS UPTYCS THREAT RESEARCH March 4, 2022 Threat Hunting, Incident Response, Featured UPTYCS HOW-TO GUIDE: CISA SHIELDS UP UPTYCS TEAM March 2, 2022 Continuous Monitoring, Threat Hunting, Incident Response, Featured CISA SHIELDS-UP: A SWIFT EXAMINATION UPTYCS TEAM March 1, 2022 Threat Research QUARTERLY THREAT BULLETIN: Q4 OF 2021 UPTYCS THREAT RESEARCH February 25, 2022 Cybersecurity PREPARING FOR CYBERATTACKS: A GUIDE FOR SMALL AND MEDIUM BUSINESSES BRIAN THOMAS February 24, 2022 YARA, EDR CASE STUDY: DEPLOYING YARA SCANNING AT SCALE FOR ADVANCED ATTACKER DETECTION - NEW UPTYCS CUSTOMER EXPERIENCE TYSON SUPASATIT February 17, 2022 Threat Hunting, Featured, Hot GROWING TREND OF ATTACKERS USING REGSVR32 UTILITY EXECUTION UPTYCS THREAT RESEARCH February 9, 2022 MITRE ATT&CK WHAT IS MITRE D3FEND & HOW SHOULD MY ORGANIZATION USE IT? TYSON SUPASATIT February 3, 2022 Cloud Monitoring RSA 2022: UPTYCS' MESSAGE BRIAN THOMAS January 26, 2022 EDR, XDR, Insight Analytics EDR VS. XDR: WHAT ARE THE SIMILARITIES & DIFFERENCES? 
GABRIELA SILK January 19, 2022 Cloud Monitoring, Cloud Security LEVERAGING THE CLOUD TO ENHANCE FORENSIC INVESTIGATIONS: A HOW-TO GUIDE GABRIELA SILK January 17, 2022 Threat Hunting, Threat Intelligence, Threat Research COIN MINING CRYPTOMINER CAMPAIGN TARGETS VMWARE VSPHERE SERVICES UPTYCS THREAT RESEARCH January 14, 2022 Threat Hunting LOG4J 2 CVE-2021-44228: SOLUTION FROM A SOFTWARE ARCHITECT PERSPECTIVE SESHU PASAM December 27, 2021 Incident Response, Featured LOG4J CVE-44228: SCANNING A MILLION HOSTS IN UNDER 30 MINUTES UMA REDDY December 21, 2021 Threat Hunting, Threat Research VULNERABILITY AFTERMATH OF LOG4J: IMPACT & MITIGATION MEASURES UPTYCS THREAT RESEARCH December 20, 2021 Threat Hunting LOG4J REMEDIATION: OSQUERY QUICK REFERENCE GUIDE FOR TABLES & ACTIONS UPTYCS TEAM December 13, 2021 Threat Hunting, Featured LOG4J/LOG4SHELL VULNERABILITY SCANNING & EXPLOIT DETECTION IN UPTYCS OSQUERY UPTYCS TEAM December 13, 2021 Threat Hunting, Threat Intelligence, Threat Research QUARTERLY THREAT BULLETIN: Q3 OF 2021 UPTYCS THREAT RESEARCH December 11, 2021 Osquery Tutorial, Osquery, SQL, Tech Insights CONSTRUCTING SQL QUERIES FOR ASSET MANAGEMENT: OSQUERY TUTORIAL JEREMY COLVIN November 12, 2021 Cloud Security, Cloud Compliance, Cyber Security Strategy, Compliance, Cybersecurity CLOUD SECURITY FRAMEWORK: A COMPREHENSIVE APPROACH TO SAFEGUARDING CLOUD ENVIRONMENTS GABRIELA SILK November 5, 2021 Cloud Monitoring, Cloud Security, Cyber Security Strategy, Tech Insights, Cybersecurity SCALABILITY IN CLOUD COMPUTING: EXPLORING THE ABILITY TO EXPAND & ADAPT RESOURCES EFFORTLESSLY GABRIELA SILK October 15, 2021 Threat Intelligence, Threat Management, Threat Research TEAM TNT DEPLOYS MALICIOUS DOCKER IMAGE ON DOCKER HUB: ANALYSIS & DETECTION WITH UPTYCS SIDDHARTH SHARMA October 7, 2021 Cloud Security, Configuration, Cybersecurity CLOUD SECURITY POSTURE MANAGEMENT: ENSURING STRONG SECURITY MEASURES IN THE CLOUD GABRIELA SILK October 6, 2021 Threat Hunting, EDR WHAT'S THE 
IDEAL VULNERABILITY MANAGEMENT TOOL FOR YOUR ENVIRONMENT? JEREMY COLVIN October 1, 2021 Cloud Security, Integrations, Cybersecurity, Container Security CLOUD NATIVE SECURITY CHECKLIST: ENSURING ROBUST PROTECTION FOR CLOUD ENVIRONMENTS GABRIELA SILK September 22, 2021 Cloud Security, Tech Insights, Cybersecurity TOP CYBERSECURITY ACCREDITATIONS GABRIELA SILK September 17, 2021 Cloud Security, Uptycs UPTYCS EXPANDS SUPPORT TO INCLUDE AMAZON GRAVITON RYAN MACK September 2, 2021 Cloud Security, Threat Hunting LOLBINS: UNDERSTANDING THE SILENT OPERATIONS OF ATTACKERS UPTYCS THREAT RESEARCH September 1, 2021 Compliance, Tech Insights THE IMPACT OF BIDEN'S EO ON CYBERSECURITY: TRANSFORMING VENDOR RISK MANAGEMENT KELLEY KIRBY August 31, 2021 Osquery, Open Source MAXIMIZING RESOURCE UTILIZATION AT SCALE: OSQUERY OPTIMIZATION TECHNIQUES JEREMY COLVIN August 20, 2021 Endpoint Security, EDR, Uptycs, XDR UPTYCS PROTECT: REVOLUTIONIZING RESPONSE FOR MODERN CSIRT TEAMS TYSON SUPASATIT August 10, 2021 Threat Hunting, Threat Research CRYPTOMINER ELFS EXPLOIT MSR FOR ENHANCED MINING OPERATIONS UPTYCS THREAT RESEARCH August 5, 2021 Cloud Security 7 LEADING CONCERNS IN CLOUD SECURITY BRIAN THOMAS July 30, 2021 Cyber Security Strategy IS BIDEN'S EXECUTIVE ORDER A HOLLOW PLAN OR CORNERSTONE FOR PROGRESS? 
KELLEY KIRBY July 28, 2021 Cloud Security CLOUD WORKLOAD SECURITY BEST PRACTICES: ENSURING ROBUST PROTECTION IN THE CLOUD BRIAN THOMAS July 22, 2021 Cloud Security SECURING THE CLOUD: AN EXAMINATION OF ITS SAFETY MEASURES BRIAN THOMAS July 16, 2021 Cloud Security CLOUD NATIVE: EXPLORING THE MEANING AND BENEFITS OF A MODERN CLOUD PARADIGM BRIAN THOMAS July 9, 2021 Threat Hunting, Threat Research MACOS: BASHED APPLES OF SHLAYER & BUNDLORE ASHWIN VAMSHI July 8, 2021 Threat Hunting, Endpoint Security UNVEILING EVASIVE TECHNIQUES EMPLOYED BY MALICIOUS LINUX SHELL SCRIPTS UPTYCS THREAT RESEARCH July 1, 2021 Cloud Security 6 SUGGESTIONS FOR ASSESSING A CLOUD SECURITY SYSTEM BRIAN THOMAS June 25, 2021 Cloud Security 6 MUST-HEAR PODCASTS ON CLOUD SECURITY YOU SHOULD FOLLOW BRIAN THOMAS June 24, 2021 Cloudquery BRIDGING CLOUD CYBERSECURITY GAPS: LEVERAGING SELECT * FOR YOUR CLOUD & JOINING ACROSS THE STACK TYSON SUPASATIT June 18, 2021 Cloud Security, Featured 15 ESSENTIAL CYBERSECURITY FILMS FOR CLOUD SECURITY EXPERTS BRIAN THOMAS June 15, 2021 Osquery, Cloud Security, Cyber Security Strategy 2021 RSA EVENT SUMMARY REPORT SUDARSAN KANNAN June 3, 2021 Threat Research SIMPS BOTNET UNCOVERED, UNVEILING CONNECTIONS TO KEKSEC GROUP UPTYCS THREAT RESEARCH May 17, 2021 Threat Hunting, Endpoint Security LINUX COMMANDS & UTILITIES COMMONLY USED BY ATTACKERS PRITAM SALUNKHE May 7, 2021 Osquery, Threat Management, Endpoint Security WHEN GATEKEEPER TURNS A BLIND EYE: ALERTING ON THE LATEST MACOS VULNERABILITY BEN MONTOUR April 29, 2021 MITRE ATT&CK, Detection, EDR MEASURABLE DETECTION & RESPONSE: MITRE ENGENUITY’S ATT&CK EVALUATIONS FOR CARBANAK+FIN7 TYSON SUPASATIT April 21, 2021 CODE REUSE: MIRAI'S INFLUENCE ON GAFGYT MALWARE SIDDHARTH SHARMA April 15, 2021 Malware, Threat Intelligence, Threat Research EXCEL 4 MACROS DETECTED IN ICEDID CAMPAIGN: ADDING A NEW TWIST UPTYCS THREAT RESEARCH April 7, 2021 Osquery, AWS, YARA, Augeas, Container Security UNVEILING SECRETS: MITIGATING 
CREDENTIAL LEAKAGE RISK THROUGH AWS ACCESS KEY INVENTORY SESHU PASAM April 1, 2021 Cloud Monitoring, Cloud Security, Cloud Compliance UNDERSTANDING THE DISTINCTIONS: CASB, CWPP, CSPM & CNAPP IN CLOUD SECURITY TYSON SUPASATIT March 23, 2021 Cloud Monitoring, Cloud Security, Workload CWPP (CLOUD WORKLOAD PROTECTION PLATFORM): ESSENTIAL INFORMATION & INSIGHTS TYSON SUPASATIT March 10, 2021 Osquery, AWS, Fargate, Container Security LEVERAGING UPTYCS & OSQUERY TO FORTIFY SECURITY FOR AWS FARGATE CONTAINERS ON ECS SESHU PASAM March 8, 2021 Osquery, Docker Security, Container Security USING OSQUERY & UPTYCS TO DETECT DOCKER ESCAPES ADHOKSHAJ MISHRA March 1, 2021 Osquery, Endpoint Security, Detection DETECTING SILVER SPARROW MACOS MALWARE USING UPTYCS BEN MONTOUR February 25, 2021 EDR, Threat Research MALICIOUS DOCUMENT TECHNIQUES, TARGETS & ATTACKS: EMERGING TRENDS UPTYCS THREAT RESEARCH February 11, 2021 Osquery, Container Security INITIATING CONTAINER SECURITY WITH OSQUERY: A BEGINNER'S GUIDE RYAN MACK February 8, 2021 Osquery, Cloud Monitoring, Cloud Security, Cloudquery STREAMLINE CLOUD MONITORING WITH CLOUDQUERY & OSQUERY FOR ENHANCED SIMPLICITY AMOL PATIL February 3, 2021 Threat Hunting, Vulnerability Assessment, Threat Management, EDR DETECTING SUDO LOCAL PRIVILEGE ESCALATION (CVE-2021-3156) WITH OSQUERY & UPTYCS AMIT MALIK January 29, 2021 Osquery, Kubernetes, Orchestration, Kubequery, Container Security KUBEQUERY: EMPOWERING KUBERNETES CLUSTERS WITH THE CAPABILITY OF OSQUERY SESHU PASAM January 29, 2021 EXPLORING LATERAL MOVEMENT CORRELATION IN UPTYCS EDR AMIT MALIK January 28, 2021 Osquery EXPLORING THE FUTURE OF OSQUERY: A CONVERSATION WITH ENTERPRISE SECURITY WEEKLY TYSON SUPASATIT January 21, 2021 Osquery, AWS YOU SHOULD BE USING AWS IMDSV2: HERE’S WHY & HOW TO DO IT SESHU PASAM January 19, 2021 Cloud Monitoring, Cloud Security ENHANCING CLOUD SECURITY POSTURE THROUGH CONTINUOUS MONITORING OF CLOUD INFRASTRUCTURE TYSON SUPASATIT January 13, 2021 Threat 
Research WARZONE RAT DEPLOYED BY CONFUCIUS APT UPTYCS THREAT RESEARCH January 12, 2021 Threat Management, Detection, EDR, Threat Research, Incident Response TARGETING USERS IN SOUTH AMERICA: REVENGE RAT ABHIJIT MOHANTA December 29, 2020 Osquery, Incident Investigation, Detection, EDR USING OSQUERY & UPTYCS TO DETECT THE SOLARWINDS SUPPLY CHAIN ATTACK AMIT MALIK December 17, 2020 Osquery Tutorial, Osquery, Incident Investigation, Threat Hunting, Threat Intelligence, Security Analytics, Endpoint Security, SQL, Telemetry OSQUERY: WHAT IT IS, HOW IT WORKS & HOW TO USE IT MARK KNOWLES December 8, 2020 Osquery Tutorial, Osquery, Compliance ENFORCING IT COMPLIANCE WITH OSQUERY: MONITORING THIRD-PARTY SYSTEM EXTENSIONS ERIC KAISER December 3, 2020 Vulnerability Assessment, Threat Management, Threat Research WARZONE RAT UNLEASHES UAC BYPASS TECHNIQUE ABHIJIT MOHANTA November 25, 2020 Endpoint Security, MITRE ATT&CK, Detection, EDR UPTYCS EDR FOR LINUX: DETECTION & VISIBILITY ALL THE WAY THROUGH AMIT MALIK November 17, 2020 Incident Investigation, Endpoint Security, MITRE ATT&CK, Detection FAST, CONSOLIDATED, & CONTEXT-RICH DETECTIONS FROM UPTYCS WILL KEEP SECURITY ANALYSTS SANE TYSON SUPASATIT November 11, 2020 Osquery Tutorial, Osquery, Configuration, Augeas, Container Security HARNESSING THE POWER OF AUGEAS WITH OSQUERY: UNLOCKING ACCESS TO CONFIGURATION FILES ACROSS NUMEROUS APPLICATIONS RYAN MACK October 13, 2020 Osquery Tutorial, Osquery, User Security VERIFYING DISK ENCRYPTION ON MAC, LINUX, AND WINDOWS: OSQUERY TUTORIAL JUSTIN MITZIMBERG September 15, 2020 Osquery Tutorial, Osquery OSQUERY TUTORIAL: EVALUATING CHROME EXTENSION PERMISSIONS GUILLAUME ROSS August 17, 2020 Vulnerability Assessment, Threat Management, Endpoint Security, Cybersecurity UTILIZING UPTYCS' AUDIT & DETECTION FEATURES FOR BOOTHOLE REMEDIATION SESHU PASAM August 7, 2020 Osquery, Data, Telemetry, Automation, Orchestration INTEGRATED SECURITY PROGRAMS: THE 4 PILLARS UPTYCS August 3, 2020 Osquery 
Tutorial, Osquery, Compliance COLLECTING SOFTWARE INVENTORY INFORMATION: OSQUERY TUTORIAL GUILLAUME ROSS July 23, 2020 Osquery, Threat Management, Endpoint Security, User Security, SQL HANDLING THE CRITICAL REMOTE CODE EXECUTION VULNERABILITY IN WINDOWS DNS SERVER: CVE-2020-1350 JUSTIN MITZIMBERG July 16, 2020 Osquery, Compliance, SQL, YARA, Cybersecurity 3 EFFECTIVE METHODS OSQUERY ASSISTS IN SECURITY COMPLIANCE MAC SLOCUM July 13, 2020 Osquery, Goquery, Remote Investigation ACCELERATING & SECURING REMOTE INVESTIGATIONS WITH GOQUERY & UPTYCS CARL VINCENT June 23, 2020 Osquery, Cloud Security, Security Analytics, Announcement, Uptycs UPTYCS ANNOUNCES SERIES B FUNDING GANESH PAI June 17, 2020 Malware, Open Source, Threat Hunting, Threat Intelligence, Endpoint Security OSQUERY & JA3: DETECTING MALICIOUS ENCRYPTED CONNECTIONS LOCALLY GUILLAUME ROSS June 2, 2020 Osquery, Cloud Compliance, Endpoint Security, AWS LEVERAGING AWS NITRO ARCHITECTURE FOR KUBERNETES: ENCRYPTING INTER-NODE TRAFFIC JULIAN WAYTE May 7, 2020 Osquery, Cybersecurity UNDERSTANDING SOC 2 COMPLIANCE REQUIREMENTS: KEY KNOWLEDGE FOR SECURITY AUDITS AMBER PICOTTE May 5, 2020 Osquery Tutorial, Threat Intelligence, Endpoint Security MACOS BUNDLORE: EXAMINING POTENTIAL NEW CODE WITHIN OLD ADWARE AMIT MALIK April 14, 2020 Osquery, Cloud Monitoring, Docker Security, Container Security USING OSQUERY TO DETECT DOCKER CONTAINER MALWARE AMIT MALIK April 13, 2020 Docker Security 8 DOCKER SECURITY BEST PRACTICES: OPTIMIZING YOUR CONTAINER ENVIRONMENT AMBER PICOTTE April 10, 2020 Allowlist UTILIZING ANOMALY DETECTION FOR APPLICATION ALLOWLISTING PAT HALEY April 2, 2020 Endpoint Security 5 BEST PRACTICES FOR OPTIMIZING YOUR SECURITY WITH ENDPOINT VISIBILITY PAT HALEY March 31, 2020 Threat Intelligence, Security Analytics, Endpoint Security CONSIDERING NEWLY REGISTERED DOMAINS FOR BLOCKLISTING: AN ANALYSIS AMIT MALIK March 24, 2020 Endpoint Security HOW TO ACHIEVE PCI-COMPLIANT FIM & ENDPOINT SECURITY WITH ONE TOOL 
PAT HALEY March 10, 2020 Endpoint Security, User Security THE IMPORTANCE OF EMBRACING USER-FOCUSED SECURITY: ENHANCING PROTECTION & EMPOWERING USERS AMBER PICOTTE February 18, 2020 Osquery Tutorial, Osquery, Endpoint Security WINDOWS OSQUERY DEPLOYMENT VIA GPO (GROUP POLICY OBJECTS): A STEP-BY-STEP GUIDE GUILLAUME ROSS February 13, 2020 Cloud Security CLOUD COMPUTING: TOP INTRUSION DETECTION TECHNIQUES AMBER PICOTTE February 6, 2020 Endpoint Security 21 TOP INFRASTRUCTURE SECURITY LINUX RESOURCES AMBER PICOTTE February 4, 2020 STAY IN THE LOOP Get regular updates on all things Uptycs— from product updates to expert articles and much more FOLLOW US * * * * PRODUCTS * Why Uptycs * XDR * CNAPP * CWPP * CSPM * CIEM * CDR BY ATTACK SURFACE: * AWS * Azure * Google Cloud * Containers and Kubernetes * Endpoints BY USE CASE: * Detection and Response * Threat Hunting * CSIRT * Vulnerability Scanning * Compliance SERVICES * Managed Services (MDR) * Support and Professional Services * Training and Education PARTNERS * Partner Overview CLOUD SERVICE PROVIDERS: * AWS * Azure * Google Cloud SERVICES * Managed Services (MDR) * Support and Professional Services * Training and Education PARTNERS * Partner Overview CLOUD SERVICE PROVIDERS: * AWS * Azure * Google Cloud RESOURCES * Blog * Resource Library * Upcoming Events COMPANY * About Us * Careers * Security Practices * Contact Us * Press and News © 2023 Uptycs. All rights reserved. 
* Privacy Policy * Security Practices * Contact Us word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1