June 12, 2024 RD Web Access abuse: Fighting back Investigation insights and recommendations from a recent welter of incident-response cases Security Operations, Threat Research
April 03, 2024 It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024 The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage? Threat Research
March 20, 2024 Remote Desktop Protocol: The Series What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report Security Operations, Threat Research
November 14, 2023 The song remains the same: The 2023 Active Adversary Report for Security Practitioners The remarkable decline in attacker dwell time is now well-documented, but what does that mean for those doing the hands-on work of infosecurity? Threat Research
August 23, 2023 Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders A deep dive into incident-response cases from the first half of this year finds both attackers and defenders picking up the pace Threat Research
April 25, 2023 Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders A deep dive into over 150 incident-response cases reveals both attackers and defenders picking up the pace Threat Research
August 09, 2022 Multiple attackers increase pressure on victims, complicate incident response Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers Security Operations, Threat Research
June 22, 2022 Active Adversary Playbook 2022 Insights: Web Shells Public proofs-of-concept of web shell exploits coincide with major spikes in attacks. Threat Research
June 07, 2022 Move fast, unbreak things: About the Sophos Active Adversary Playbook 2022 Our latest report shows that the most pleasant way to learn from Rapid Response mayhem is to read about how it worked out for someone else Security Operations, Threat Research