Cyborg Labs
Featured Post

Threat Hunt Deep Dives: User Account Control Bypass Via Registry Modification
User Account Control (UAC) Bypass is a clever method that can be used for privilege escalation either manually or via scripts and can be exploited

Ransomware: Hunting for Inhibiting System Backup or Recovery
Ransomware continues to be a hot button issue for organizations around the world. APT actors, commodity malware operators and even attackers who had never used

Living off the Land (LotL) – RDP Hijacking
In this instalment of Cyborg Security’s latest series “Living off the Land,” we will cover the topic of RDP hijacking. Specifically, we will look at

Living off the Land (LotL) – Downloading Files on Microsoft Windows
Cyborg Security is starting an exciting new series of threat hunting videos dedicated to the practice of Living off the Land (LotL)! Living off the

Threat Hunt Deep Dives: Apache Struts RCE (CVE-2020-17530)
Late last year, an Apache Struts Remote Code Execution (RCE) vulnerability (CVE-2020-17530) was discovered. In Apache Struts versions 2.0.0 – 2.5.25 a forced Object Graph

Hunting for Persistence: Registry Run Keys / Startup Folder
A core tenet for malware authors and threat actors is that persistence is key. After all, it's reported that only 4 percent of users click on phishing links and attachments.

Threat Hunt Deep Dives: SolarWinds’ Supply-Chain Compromise (Solorigate / SUNBURST Backdoor)
On December 13th 2020, FireEye unveiled that SolarWinds had been impacted by a sophisticated supply chain compromise affecting its SolarWinds Orion software.