Blog

Threat Research

The Logging Dead: Two Event Log Vulnerabilities Haunting Windows

Dolev Taler

Dolev Taler

You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.

Fighting Golden Ticket Attacks with Privileged Attribute Certificate (PAC)

Masha Garmiza

Masha Garmiza

Learn how and why to control the Active Directory Environment state with PACRequestorEnforcement, the implications of doing so and how to detect Golden Ticket attacks happening in your network.

Anatomy of a SolidBit Ransomware Attack

Jason Hill

Jason Hill

Solidbit is a ransomware variant derived from Yashma and containing elements of LockBit. Discover how Solidbit's capabilities, execution, what file types it targets, and how to tell if you're been infected.

Anatomy of a LockBit Ransomware Attack

Joseph Avanzato

Joseph Avanzato

A detailed case study of the exact techniques and methods that threat actors used in a real-life ransomware attack.

Rogue Shortcuts: LNK'ing to Badness

Jason Hill

Jason Hill

Learn how threat actors continue to manipulate Windows shortcut files (LNKs) as an exploit technique.

Spoofing SaaS Vanity URLs for Social Engineering Attacks

Tal Peleg

Tal Peleg

SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link type that we were able to spoof.

Hive Ransomware Analysis

Nadav Ovadia

Nadav Ovadia

Learn how Hive ransomware exploits public servers, spreads through your network, encrypts sensitive files, and exports victims for cryptocurrency.

Defending Your Cloud Environment Against LAPSUS$-style Threats

Nathan Coppinger

Nathan Coppinger

Varonis breaks down the recent LAPSUS$ hacks and provides best practices for defending your cloud environment against LAPSUS$ style threats

SID injection attack

Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack

Eric Saraga

Eric Saraga

A technique where threat actors with existing high privileges can inject synthetic SIDs into an ACL creating backdoors and hidden permission grants.

ContiLeaks: Ransomware Gang Suffers Data Breach

Jason Hill

Jason Hill

Conti, a prolific ransomware group, has suffered a leak of both internal chat transcripts and source code being shared by a reported Ukrainian member

Ransomware Year in Review 2021

Varonis Threat Labs

Varonis Threat Labs

In this post, we dive into six ransomware trends that shaped 2021.

Using Power Automate for Covert Data Exfiltration in Microsoft 365

Eric Saraga

Eric Saraga

How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.