How Saffron Starling delivers malware & evades detection

Описание: In this session, Keith and Dave are joined by Principal Security Researcher Brian Donohue as they discuss Saffron Starling, a threat we’ve been tracking for years, but one that has recently regained momentum.

Reintroducing Saffron Starling 2:35
Malware it delivers 3:44
How it works 6:31
Observables 15:53
High-level overview 17:02
Stop with the ZIPs 17:47
Use GPOs 23:09
Other trickery 27:12

💬 How is your organization handling the risks associated with ZIP file phishing and script-based malware like Saffron Starling? Are you blocking ZIPs, restricting script execution, or using other detection methods? Let us know in the comments!

🔗 Register for the weekly video series: https://redcanary.com/resources/webin...

Follow us:
  / redcanary  
  / redcanary  
---
Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what’s right for customers and partners.
Subscribe to our YouTube channel for frequently updated, how-to content about Atomic Red Team, threat hunting in security operations, MDR or Managed Detection and Response, and using the MITRE ATT&CK® framework.
#phishing #javascript #saffronstarling #darkgate #danabot