Research: What You Need to Know About OpenSSH Vulnerability and New Vulnerable Scenario
Background on the new OpenSSH vulnerability and how Stairwell can help.

Research: Stairwell threat report: Black Basta overview and detection rules
Gain an understanding of the Black Basta ransomware-as-a-service, plus YARA rules for detection.

Research: Stairwell threat report: Vulnerable PuTTY SSH libraries (CVE-2024-31497)
An overview of the CVE as well as a list of software not previously mentioned in the NIST advisory.

Research: Threat report: xz backdoor
How Stairwell users have insight into the xz backdoor in their organizations, plus IOCs and YARA rules.

Research: Proactive response: AnyDesk, any breach
Among rumors of an AnyDesk breach, we developed YARA rules and hunting methods to help customers.

Research: Technical analysis: The silent torrent of VileRAT
A technical overview of VileRAT and the group thought to be behind it, as well as IoCs and more.

Research: Signed, sealed, but not always secure: Rethinking trust in digitally-signed certificates
Research and an in-depth look at the double-edged swords that are digitally-signed certificates.

Research: Kuiper ransomware analysis: Stairwell's technical report
A detailed technical analysis of an obtained copy of Kuiper ransomware.

Research: Stepping into the unknown: Uncovering espionage malware with Stairwell Variant Discovery
Using Stairwell's Variant Discovery tool to expand on threat research shared by ESET.

Research: Security alert enrichment: ShadowPad variants
The Stairwell Threat Research team shares variants and queries for ShadowPad variant samples.

Research: Akira: Pulling on the chains of ransomware
Stairwell researchers recovered a directory that had been publicly exposed. Here's what they found.

Research: CVE-2023-3519: Stairwell identifies previously unseen attack methods
Details on previously unseen threats regarding Citrix CVE-2023-3519.

Research: ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
The first in a series detailing the capabilities of various tools in ChamelGang's arsenal.

Research: Security alert enrichment: Terminator endpoint defense evasion tool
An alert enrichment to the report created by CrowdStrike on Terminator.

Research: Jasper the unfriendly loader
The analysis of JasPer Loader, a trojanized Dynamic Link Library (DLL) file.