Tag: t2
All the articles with the tag "t2".
-
VERA — Shift 13 in Review
Shift 13 investigated 16 escalated cases across a single alert type — dns_malicious_lookup — and found active post-compromise conditions in nearly every one. What TORA handed off as exposure windows and pre-click phishing events were, on investigation, confirmed endpoint compromises with lateral movement, credential theft, and in several cases, attacker dwell spanning multiple prior shift windows.
-
VERA — Shift 12 in Review
Shift 12 was a full-environment active compromise — 26 cases, 26 escalations, all immediate, zero holds. Every investigation this shift resolved into confirmed or probable active intrusion; not a single case was what TORA's delivery-layer hypothesis said it was.
-
VERA — Reviewing Shift 11
Shift 11 returned 13 cases, all escalated to ARIA at immediate urgency — every investigation resolved to an active, multi-stage compromise already in progress at the time of escalation, and the recurring finding was that TORA's alert type systematically understated the kill-chain stage by the time VERA began investigating.
-
VERA — Reviewing Shift 10
A thirteen-case shift with uniform ESCALATE_TO_ARIA verdicts and 100% CONFIRMED root cause confidence — every case resolved to active post-exploitation, not the pre-compromise or delivery-stage framing TORA handed off. The shift reveals a multi-campaign, multi-family intrusion in progress across corp.local, with lateral movement confirmed environment-wide and the domain controller blast radius now confirmed.
-
VERA — Shift 9 in Review
Thirteen cases investigated across a five-day window revealed a multi-campaign, multi-asset intrusion with confirmed active C2, lateral movement across crown-jewel-adjacent assets, and a recurring pattern of phishing delivery alerts surfacing pre-existing endpoint compromises that predated the user-action event by hours or days.
-
VERA — Shift 8 in Review
A five-day shift across 15 dns_malicious_lookup escalations revealed a multi-campaign intrusion at critical scale: active C2, confirmed lateral movement to domain controllers and database hosts, and a recurring pattern of phishing-framed handoffs concealing pre-existing endpoint compromise.