
Andreas Klopsch
Andreas Klopsch (@hackingump1), a threat researcher at Sophos, is currently completing a master's degree in cybersecurity at the Institute of IT Security at the Westfälische Hochschule in Gelsenkirchen.
Content by Andreas Klopsch

Threat Research
BlackCat
BURNTCIGAR
Cuba
EDR
EDR killer
kernel driver
leaked certificate
Lockbit
Medusa
PoorTry
RansomHub
Ransomware
signature
signed driver
StoneStop
Attack tool update impairs Windows computers
August 27, 2024

Threat Research
BYOVD
EDR
EDR killer
EDRKillShifter
Featured
Ransomware
Ransomware attackers introduce new EDR killer to their arsenal
August 14, 2024

Threat Research
Backdoor
certificate
Featured
proxy
Sophos X-Ops
Smoke and (screen) mirrors: A strange signed backdoor
April 9, 2024

Threat Research
AuKill
BlackByte
BYOVD
Cybercrime Forums
drivers
Featured
Ransomware
Sophos X-Ops
terminator
zam
It’ll be back: Attackers still abusing Terminator tool and variants
March 4, 2024

Threat Research
CVE-2023-6330
CVE-2023-6331
CVE-2023-6332
drivers
Featured
panda software
Sophos X-Ops
Multiple vulnerabilities discovered in widely used security driver
January 25, 2024

Threat Research
act
Active Adversary
anti-EDR
AuKill
backstab
EDR
EDR killer
Featured
malware
Process Explorer
procexp
Sophos X-Ops
targeted attacks
‘AuKill’ EDR killer malware abuses Process Explorer driver
April 19, 2023

Security Operations
Threat Research
2022-12
ADV220005
BURNTCIGAR
BYOVD
Cuba ransomware
Driver Signature Enforcement
drivers
Featured
Patch Tuesday
SBOM
signed drivers
Sophos X-Ops
supply chain compromise
WHCP
WHQL
Windows
x-ops
Signed driver malware moves up the software trust chain
December 13, 2022

Threat Research
BlackByte
EDR
Featured
Ransomware
Sophos X-Ops
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
October 4, 2022

Products & Services
emotet
obfuscation
SecOps
Security Operations
Attacking Emotet’s Control Flow Flattening
May 4, 2022