Tag

#Initial Access

4 articles covering Initial Access across campaign analysis, detection engineering, and defender tradecraft.

Coverage

4 entries

Field Analysis

Dual UseTradecraft LabsJun 7, 20268 min read

The Procedure Is the Threat: Why an Intrusion's Shape Outlives Its Toolkit

Runtimes, platforms, and brands rotate every quarter. The six handoffs that move a victim from manufactured urgency to durable persistence have barely changed in five years, and they are what defenders can actually build for.

By PhishPond Desk

Field Analysis

Dual UseTradecraft LabsMay 20, 20269 min read

MuddyWater's Teams Playbook: Screen-Share Credential Theft Behind a False Flag

An Iranian actor opened an intrusion with a Microsoft Teams chat request and a screen-sharing session, harvested credentials live, then staged ransomware as cover for a state-backed operation.

APT Methods Watch: Geofenced Lures, ClickFix, and Supply Chain Trust

Recent actor reporting points to a practical trend line: adversaries are combining selective delivery, user-driven execution, and trusted developer channels.

RMM Phishing Turns the Click Into Remote Access

Recent campaigns using SimpleHelp and ScreenConnect show how phishing can skip credential theft and move straight to persistent endpoint control.

#Initial Access

Coverage

Browse Other Tags