Our Latest Resources
Explore our cybersecurity white papers, data sheets, webinars, videos and more.
-
Research
A Deep Dive Into A Posh C2 Implant
February 19, 2023PoshC2 is an open-source C2 framework used by penetration testers and threat actors. It can generate a Powershell-based implant, a C#.NET implant that we analyze in this paper, and a Python3 implant.
More Details -
White Paper
Applying Machine Learning To Optimize The Correlation Of Securityscorecard Scores With Relative Likelihood Of Breach
October 15, 2020We conducted a study, investigating the use of Machine Learning (ML) to tune the weighting of each of the risk factors so that the total score is optimally correlated with the relative likelihood of incurring a data breach. Download the white paper to learn more.
More DetailsBob Sohval, PhD
Security Ratings -
Data Sheet
How Do Security Ratings Work?
October 15, 2020SecurityScorecard provides transparency into our ratings methodology and delivers insights into how it aligns with industry standards. Understand the principles, methodology, and process behind how our cybersecurity ratings work.
More DetailsSecurity Ratings -
Research
How To Analyze Java Malware – A Case Study Of Strrat
May 3, 2023STRRAT is a Java-based malware that executes multiple commands transmitted by the C2 server. The JAR file was obfuscated using the Allatori obfuscator. It establishes persistence on the host by copying to the Startup folder and creating a scheduled task and a Run registry entry.
More Details -
Research
Reduce Cyber Risk with the Predictive Power of Security Ratings
March 21, 2023The Marsh McLennan Global Cyber Risk Analytics Center and SecurityScorecard have come together to study how cybersecurity ratings correlate with reduced cyber insurance risk.
More DetailsCyber Insurance -
Research
A Technical Analysis Of The Quasar Forked Rat Called Void Rat
July 17, 2023VoidRAT is based on the open-source RAT called Quasar. The malware steals information from web browsers and applications such as FileZilla and WinSCP. It also implements a keylogger functionality that saves and exfiltrates the pressed keys.
More Details -
Ebook
Addressing the Trust Deficit in Critical Infrastructure
January 13, 2023Despite a decade or more of increased focus on cybersecurity in boardrooms, legislatures, and the media, cyber resilience is getting worse, not better. Increasing cyberattacks and highly publicized breaches have undermined the public’s trust in the resilience of our societies, prompting business leaders and lawmakers worldwide to seek solutions for a mounting trust deficit.
More Details -
White Paper
Cactus Ransomware
October 20, 2023More DetailsAttack Surface Management, Cyber Insurance, Cyber Threat Intelligence, Enterprise Cyber Risk, Supply Chain Cyber Risk