Category: DFIR Lab – Binalyze

Focus investigations with MITRE ATT&CK insights

Last updated: 29th May 2024

 

Integrate automated evidence analysis and mapping into your investigations

Understanding an attacker’s behavior and the tactics, techniques and procedures (TTPs) they use is vitally important to any investigation – it provides critical context that allows for more efficient and effective investigations. This context informs what response actions are appropriate, and improves short, and long-term, response outcomes.  

Offline collection with AIR

The reality of modern incident response is that it’s not always possible to remotely connect with every one of your endpoints. Some assets are required to be standalone and others, such as laptops, some may have become faulty, and others may have been removed as they have been compromised by – or are actively under attack from – the very breach you want to investigate. 

The OneNote malware attack – A retrospective

At Binalyze we’re always actively monitoring for the latest exploits and attack vectors. We’re also in constant conversation with our customers, discussing threats in the wild and sharing best practice. 

In this article, we’re going to discuss the surge in Microsoft OneNote malware attack vectors that started popping up towards the end of January this year, and the potential threat they continue to pose for enterprise security.