CX Hunting for empowering your security teams, a case study on suspicious files in root directories

Malware authors of all calibers are frequently looking for new ways to remain unnoticed on a system. Where they are allowed to persist and what their intended purpose is can be factors in this decision, and with UAC bypass being prevalent[1] in just about every version of supported Windows, this decision can be broader. A […]

The Splunk Hunters Toolbox – Part Deux

Okay, you have installed Splunk and mastered SPL, somehow wrangled enough Splunk forwarders onto your network, and divine intervention allowed your hot/warm/cold mounts to actually work on your network storage. Now what (besides 7 days in Ibiza)? For those who will be working with data, I recommend installing first and third party apps from […]

The Splunk Hunters Toolbox

As someone who stares at (and sometimes manipulates) data all day, you come to realize that most of your time is spent organizing, munging, and collecting data, rather than doing math stuff to it. In Splunk, a lot of this is taken care of by our awesome Splunk admins or Splunk apps, so the data […]

Examining and Detecting the Doppelganging Malware Evasion Technique

Code injection methods allow an attacker to use flaws in a system or software design to run malicious code, usually without any indication to a user that something bad is happening. These methods continue to evolve at a rapid pace and are using increasingly sophisticated and stealthy methods to circumvent security solutions and evade detection. […]

The CorrelationX Research Team

WE RESEARCH, WE DEVELOP, WE TEST…YOU WIN. Our world-class security research team is constantly reverse-engineering new malware and simulating current exploits and adversary tactics to drive groundbreaking content development. We thrive on analyzing new threat actor techniques and identifying their unique characteristics that can be used to create enhanced detection methods across dozens of data […]