Perfect example of "total silence from AVs, but noisy as hell for our generic signatures in THOR" @nextronresearch https://www.virustotal.com/gui...
@cyb3rops @nextronresearch This is the same for most major APT malware. AV detects nothing and THOR detects in advance.
@cyb3rops @nextronresearch Based on the name/description of the rules, false positives would be a more interesting metric to evaluate them by.
@cyb3rops @nextronresearch Static scanners stay quiet, behavioral engines scream. THOR doesn’t look for malware; it looks for malice. Sometimes noise is the only honest signal left.
@cyb3rops @nextronresearch Is Nextron deciding that particular patterns are affiliated with APTs, or are they patterns made from content declared as APT stuff by other companies?
I see that Google's suggested design for building apps that are "resilient to cloud infrastructure outages" here literally just means that you choose to rely on the same tech from the same cloud provider but across two regions. 😄 Okay.
I'm playing around with the "Controlled Folder Access" feature in Microsoft Defender because we saw the following alert during a recent incident response case: C:\Windows\System32\mstsc.exe has been blocked from modifying %userprofile%\Documents\ by Controlled Folder Access.
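Added example, not part of the post above: a PowerShell snippet for triaging a Controlled Folder Access (CFA) block like the mstsc.exe alert quoted there. It reads the current CFA configuration with Get-MpPreference, pulls the CFA events from the Defender operational log, and shows the Set-MpPreference/Add-MpPreference calls used to move to audit mode or allowlist an application. The event IDs (1123 = blocked, 1124 = audit-mode "would have blocked") and the log name are taken from Microsoft's Defender documentation; the allowlist path is only an illustration and is deliberately left commented out.

```powershell
# Added example (not from the original posts). Run in an elevated PowerShell
# session on a Windows host with Microsoft Defender Antivirus.

# --- 1. Current CFA state -------------------------------------------------
$pref = Get-MpPreference
# EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode,
# 3 = BlockDiskModificationOnly, 4 = AuditDiskModificationOnly
"CFA mode            : $($pref.EnableControlledFolderAccess)"
"Extra protected dirs: $($pref.ControlledFolderAccessProtectedFolders -join ', ')"
"Allowed applications: $($pref.ControlledFolderAccessAllowedApplications -join ', ')"

# --- 2. Recent CFA events ---------------------------------------------------
# 1123 = CFA blocked a write (the alert type quoted in the post)
# 1124 = CFA in audit mode would have blocked a write
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue

foreach ($ev in $cfaEvents) {
    # Dump every EventData field generically rather than assuming field names
    $xml = [xml]$ev.ToXml()
    $fields = foreach ($d in $xml.Event.EventData.Data) {
        "{0}={1}" -f $d.Name, $d.'#text'
    }
    "{0} [{1}] {2}" -f $ev.TimeCreated, $ev.Id, ($fields -join '; ')
}

# --- 3. Tuning options (commented out; apply deliberately) -------------------
# Switch to audit mode to observe what would be blocked without breaking users:
# Set-MpPreference -EnableControlledFolderAccess AuditMode

# Add a folder to the protected set (the user profile Documents folder is
# protected by default; this is how you would add a custom share or path):
# Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'

# Allowlist an application. Caveat for the case in the post: allowlisting a
# signed system binary such as mstsc.exe lets anything that runs in that
# process context write to protected folders, so investigate why the write
# happened before whitelisting rather than silencing the alert.
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Windows\System32\mstsc.exe'
```

In an incident response context the useful order is the reverse of the script's sections: read the 1123/1124 events first, confirm which process and path are involved and under which user, then decide whether the block was a true positive or a legitimate workflow before touching the configuration.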
Picked up a new toy over the weekend, determined not to get snowed in this winter 🤘
The U.K.'s water suppliers have reported five cyberattacks since January 2024, according to information reviewed by Recorded Future News. The incidents did not affect the safety of water supplies, but they highlight an increasing threat https://therecord.media/britai...