
BackendTLSPolicy expands Gateway API transport security

BackendTLSPolicy is a Kubernetes resource that allows the specification of additional Transport Layer Security (TLS) encryption in Gateway API. It gives Gateway API users on Red Hat OpenShift access to the same level of secured traffic as the OpenShift route…

Finding Initial Access

I recently ran across a comment from a SOC manager on social media that said, “Finding initial access is difficult.” I thought about it for a moment, and had to ask, “why is that?” For context, I transitioned from military…

Anubis Ransomware Gang Attacks Again, Exploit Remote Access

Hackers linked with the Anubis ransomware operation were found abusing the Citrix Bleed 2 (CVE-2025-5777) flaw to gain initial access. According to Arctic Wolf, the techniques vary among different affiliates, and few patterns surfaced in tradecraft via authentic Remote Management and…

Rigor in Threat Intel

I’m just going to say it. IOCs are not “threat intel”. Lists of IP addresses and domain names, without context, are data points and information, not “intel”. Threat intel is based on patterns developed from the accumulation/aggregation of data. In…

LNK Files in CTI

There’s a good bit of file analysis that goes into CTI reports, including (but not limited to) malware analysis. But for some reason, not all files appear to be worthy of parsing and analysis. We also tend to see in-depth…