
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

Patching remains one of the most difficult security tasks organizations face. Zero-day vulnerabilities may catch the headlines, but the truth is most organizations are caught out by n-day vulnerabilities where patches have been available for some time. The U.S. Cybersecurity and Infrastructure Security Agency has tried to simplify patching efforts by publishing the Known Exploited Vulnerabilities list, or KEV. The KEV is a list of vulnerabilities under active exploitation, and federal agencies have two weeks to patch ones on the list. In this edition of Studio 471, Patrick Garrity of Nucleus Security shares the effects of the KEV list across the security industry, his research into the KEV and how threat intelligence can guide patching efforts.
Participants:
Patrick Garrity, Researcher and Vice President of Marketing, Nucleus Security
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

