Security Operations
Threat Research
active adversary
Active Adversary Report
Compromised Credentials
detection
dwell time
Featured
impact
incident response
LOLBIN
MFA
Monitoring
RDP
Remote Ransomware
root cause
It takes two: The 2025 Sophos Active Adversary Report
IR
LoLBINs
MDR
The Bite from Inside: The Sophos Active Adversary Report
Credentials
featured
Privacy
qilin
Ransomware
Qilin ransomware caught stealing credentials stored in Google Chrome
AnyDesk
mad liberator
malware
Social engineering
Don’t get Mad, get wise
Sophos X-Ops
RD Web Access abuse: Fighting back
Products & Services
CIR
NCSC
Sophos IR
Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status
data extraction
DFIR
Encryption
virtual machine
Extracting data from encrypted virtual disks: six seven methods
Case Study
It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024
Incident response tools
Remote Desktop Protocol: The Series