Nov. 20, 2023, 9:06 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics

Author: Alex Jessop (@ThisIsFineChief)



This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape.

Below provides a summary of findings which are presented in this blog post: 

  • Initial access gained via a publicly disclosed vulnerability in an externally facing server

  • Use of vulnerable drivers to disable security controls

  • Remote Desktop Protocol was used for Lateral Movement

  • Access persisted through tunnelling RDP over SSH …

alex as-a-service author blog caught cirt cyber cyber incident cyber incident response cyber incident response team engagement fantasy findings incident incident response incident response team life malware analysis ncc ncc group noescape ransomware real response service team

Security Specialist

@ Protect Democracy | Remote, US

Cybersecurity Systems Security Engineer II-T

@ ManTech | 809AR - Ft Carson,Colorado Springs,CO

Security Engineer (Supporting NASA at JSC)

@ KBR, Inc. | USA, Houston, 2101 NASA Parkway, Building 21, Texas

Head of Security & IT

@ ORFIUM | Dublin, County Dublin, Ireland

Chief Privacy Officer

@ Nike | Santa Clara,CA

Security Engineer

@ SPINS | Chicago, IL