This article explores gaps that allow for the undetected execution of code on systems protected by Microsoft Defender Advanced Threat Protection.

Given Office product functionality, it’s possible for adversaries to leverage Outlook's COM interface in attacks for extended persistence.

Even when the hooks are removed, defenders can still leverage other EDR functions, such as host isolation for incident triage or remote.

This post identifies systemic endpoint detection and response issues and examines how attackers can bypass any EDR product.

We’ve seen lots of COVID-19-related work-from-home tips, but how has it affected the attacker?

At approximately 9:30am EDT on 20 March 2018, hacktivist collective, MinionGhost, announced planned cyber attacks against unspecified Asian entities....

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers....

In this latest post of my PCI compliance blog series, we will explore Requirement 5, which has four distinct requirements that imply they need to be....

This is an update to the Intelligence Advisory: Petya Ransomware Outbreak - released June 27, 2017. Optiv’s Global Threat Intelligence Center (gTIC)....

Here we go again. Not long ago I updated a blog post containing actionable recommendations to protect your environment from ransomware threats....

Optiv’s Global Threat Intelligence Center (gTIC) received reports from several sources concerning a recent modification to the Petya ransomware strain....