CRIMSON
7

Blog

.

APT38’s New Game: Targeting Devs with Fake Coding Challenges

Groups like APT38 (aka Contagious Interview / Famous Chollima), part of North Korea’s Lazarus crew, have been using GitHub in wild new ways—targeting developers directly by posing as legit crypto startups offering coding gigs or interviews. In this post we analyse the case of ForexProvider, a malicious app distributed for skill tests to developer hire targeting financial institutions.

Learn more

Managing Threat Hunting Content via APIs in Sentinel

So there you have it—a tool that turns content management for Threat Hunting in Sentinel into something manageable (dare I say enjoyable? not yet.. but wait the next drop :) ). Whether you’re an IT admin looking to streamline operations or a security analyst diving into threat hunting, these APIs have got your back.

Learn more

Conversion from Sigma Community to KQL that works

We rewrote a Sigma to KQL conversion utility that works, and works with the Sigma Community repository. The rules can be used for Threat Hunting into Sentinel or Microsoft XDR.

Learn more

Bybit hack considerations

The recent Bybit breach is one of the largest crypto heists ever, exposing critical flaws in supply chain security, browser-based attacks, and human-targeted exploits. With Lazarus Group likely behind it, the implications extend far beyond Bybit itself. The article analyses some high-level aspects.

Learn more

PREVIOUS Articles

Fortigate Firewall Leak: Here’s How to Check If Your Org Is Affected

Learn more

Red Team Pentest and Purple Teams

Learn more

Threat Management for Crypto Custodians

Learn more

TI for fun and profit, on a budget!

Learn more

The Critical7 of the Cyber Resilience Act

Learn more

CRIMSON. Newsletter

* By clicking “Subscribe” button, you agree to our Terms and that you have read our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form