SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premises and cloud applications to ensure protection.
IAM manages user access and monitors for anomalies to maintain security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By leveraging and integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services, such as MDR, vulnerability management, and use case management, to address ever-evolving threats. Take proactive steps to fortify your security today!
Case Studies
Retail Company Reduces Data Costs by 85% with SIEM Transformation

90% increase in visibility after deploying Microsoft XDR with CyberProof

Enterprise saves millions on data ingestion & storage following cloud migration.
SOC unification streamlines enterprise insurance company’s security & network monitoring operations.
Global medical devices company gains visibility and meets stringent compliance standards across global geos.
Pharmaceutical organization significantly enhances threat detection and response times.
Threat Alerts
Kimsuky’s Custom RDP Wrapper Enables Persistent Remote Access
Kimsuky’s innovative use of a customized Remote Desktop Protocol (RDP) Wrapper has been highlighted in recent investigations as a key component of its spear-phishing campaigns. Delivered via malicious shortcut files (.LNK), the malware triggers PowerShell or Mshta scripts upon execution, leading to the download of backdoors like PebbleDash and the modified RDP utility, granting attackers remote control over compromised systems.
Kimsuky’s customized RDP Wrapper is a key enabler of their remote access operations. Unlike standard implementations, this version modifies an open-source utility to activate remote desktop functionality, even on Windows machines where it is typically unavailable. This capability is further strengthened by proxy malware that bridges internal networks to external systems, bypassing network isolation and ensuring persistent access to the victim’s environment.
Beyond remote access, Kimsuky enhances their operations with complementary malware such as keyloggers and credential stealers. Keyloggers capture sensitive inputs, while credential-stealing tools like “forceCopy” extract browser-stored passwords. This multifaceted approach ensures that Kimsuky can maintain long-term surveillance and ongoing data exfiltration within targeted organizations, demonstrating their evolving capabilities in cyber espionage.
Insecure ASP.NET Keys Lead to Godzilla Post-Exploitation Attack
Recently, researchers observed limited malicious activity by an unattributed threat actor who exploited a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. This incident highlights a dangerous trend in which developers inadvertently incorporate machine keys from public repositories and documentation into their applications. With over 3,000 such keys accessible across various public sources, threat actors can perform ViewState code injection attacks without the need for stolen or purchased credentials.
The attack leverages the ASP.NET ViewState mechanism, which is designed to preserve page and control state using encrypted and validated data. By reusing a known machine key, the attacker crafted a malicious ViewState payload that bypasses integrity checks when processed by the target server, resulting in code execution. In this instance, the payload reflectively loaded an assembly associated with the Godzilla framework, enabling functionalities such as executing malicious commands and injecting shellcode into processes, ultimately providing the attacker with remote code execution capabilities on the affected IIS web server.
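As an added illustration (not code from CyberProof or the researchers cited above), the following Python audit flags the web.config pattern the alert describes: a static machineKey copied from a public source and legacy algorithms, shown beside the AutoGenerate form. The sample configs, the placeholder key strings and the KNOWN_PUBLIC_KEYS inventory are all constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments (not from the page or any real application).
# The key values are placeholders, not real leaked keys.
WEAK_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER_PUBLIC_VALIDATION_KEY"
                decryptionKey="PLACEHOLDER_PUBLIC_DECRYPTION_KEY"
                validation="SHA1" decryption="3DES" />
  </system.web>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed stand-in for an inventory of keys found in public repos and docs.
KNOWN_PUBLIC_KEYS = {"PLACEHOLDER_PUBLIC_VALIDATION_KEY", "PLACEHOLDER_PUBLIC_DECRYPTION_KEY"}
STRONG_VALIDATION = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}
WEAK_DECRYPTION = {"DES", "3DES"}


def audit_machine_key(config_xml: str) -> list:
    """Return findings for the <machineKey> element of a web.config; [] means nothing flagged."""
    findings = []
    mk = ET.fromstring(config_xml).find("./system.web/machineKey")
    if mk is None:
        return findings  # element absent: ASP.NET falls back to AutoGenerate,IsolateApps
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate,IsolateApps")
        if value in KNOWN_PUBLIC_KEYS:
            findings.append(f"{attr}: matches a publicly known key; ViewState can be forged - rotate immediately")
        elif not value.startswith("AutoGenerate"):
            findings.append(f"{attr}: static key; confirm it was generated privately, rotate if unsure")
    # .NET 4.x defaults are HMACSHA256 / Auto (AES); older SHA1, MD5, DES and 3DES should be retired.
    if mk.get("validation", "HMACSHA256") not in STRONG_VALIDATION:
        findings.append("validation: use HMACSHA256 or stronger")
    if mk.get("decryption", "Auto") in WEAK_DECRYPTION:
        findings.append("decryption: use AES")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_machine_key(cfg) or "OK")
```

A web farm that genuinely needs a shared static key should generate it privately and rotate it, since AutoGenerate only works for a single server.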