Blog Posts

Featured posts from our MOXFIVE Technical Advisors with thoughts and stories to help minimize the business impact of cyber attacks.

Cache Me If You Can: Through the Hacker's Eyes

In cyber investigations, the biggest breakthroughs can come from the smallest traces. In this blog, Britton Manahan explores the forensic goldmine of Remote Desktop Protocol (RDP) bitmap caches — a specialized artifact that can reveal critical evidence even when logs are wiped and systems go offline.

Cybersecurity Spring Cleaning: 5 things to Refresh this Season

With spring in full swing and summer around the corner, organizations should use this season as an opportunity to audit and address these 5 key areas of cybersecurity.

Multi-Layered Persistence in the Cyberverse of Madness

Modern threat actors use large-scale, advanced persistence methods, making response harder—understanding these tactics is key to protecting critical infrastructure.

Entropy Triage: A Method to Repair Files Corrupted by Failed Ransomware Encryption

When a decryption tool fails to work it can be devastating for ransomware victims. In this blog, we'll walk you through a method MOXFIVE working with our colleagues at Coveware identified to repair these corrupted files in some circumstances.

Shouting from the Rooftops: Get Your Backups off the Domain

Backups are maybe the single strongest element to ransomware resilience. But during real cyber events, we often see backups that are unusable. Victims have often paid for a backup product – and developed a sense of confidence around that solution – only for the backups to fail when they are most needed.

New Year, New Cybersecurity Posture

The start of the new year is a fantastic time to set new goals for yourself and your organization. In this post we explore cybersecurity roadmaps, how your organization can refine / create one, and what items to consider in 2025.

What Isn't Covered by Cyber Insurance?

Despite its growing role in incident response, understanding cybersecurity insurance coverage can still be daunting for many organizations. In this blog, we discuss what cybersecurity insurance is, what to look for within your policy, and what is not typically covered by most policies to help you feel more prepared when submitting a claim.

How Does Your Company "Winterize" Your Cybersecurity Posture?

Here's a quick look at cybersecurity initiatives to think about tackling in Q4 or integrating into your roadmap for this upcoming year.

Assessing Cyber Risk of New Vulnerabilities

How do you assess the risk to your organization when a new vulnerability is announced? Here's a quick checklist to help you gauge the severity.

The Million Dollar Question

Should you pay the ransom? It depends.

Setting Expectations: Ransomware Decryptors

A short list of things to keep in mind when dealing the ransomware decryptors.

Understanding the Costs of Incident Response: Proper Security Controls

Having proper security controls in place are critical to preventing both the frequency and severity of cyber incidents.

Unmasking the Mystery of Cybersecurity Training: Turning Yawns into Yields

Cybersecurity training is often treated as a task done simply to check a box on a security checklist, but in reality, it's a critical element of a mature cybersecurity program.

Understanding the Costs of Incident Response: Data Mining + Notification

Understanding what data has been affected and determining a notification plan is a critical aspect of incident response that comes with substantial costs and complexities.

Understanding the Costs of Incident Response

In this series, we look at the various costs that may be incurred during a typical ransomware incident and discuss key security controls that can help organizations minimize the impact of a cyber-attack.

Navigating the Cyber Insurance Market

As cyber threats evolve, understanding the changing cyber insurance market is essential for organizations to ensure adequate coverage. This article for InsuranceNewsNet.com looks at key points to keep in mind when considering a cyber policy.

Airiam Podcast: Flight Plan for Ransomware Recovery

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

Enterprise Remediation Part 1: Five Tips for Preparing and Planning

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

The Future is Now, AI-Assisted Cybersecurity

Can new AI models such as ChatGPT be used to help cybersecurity teams? Yes! Here are three quick use cases.

8 Mitigation Options to Help Reduce the Impact of a Ransomware Incident

In this blog, we look at 8 examples of best practices that can be implemented to provide for a more resilient architecture.

Ransomware and the Importance of Selecting the Right Digital Forensics Provider

Picking a forensics provider is one of the first critical decisions you have to make when faced with a cyber incident. In this blog, we cover the capabilities to consider when evaluating a potential provider.

Investigating Business Email Compromises

Business Email Compromises (BECs) continue to be the one of the top attack vectors, costing organizations over $2.3 billion in 2021. In this blog, we share priorities and key methodologies for investigating these attacks.

Minimizing the Impact: Securing Active Directory

Gaining access to Active Directory is often a goal of threat actors during an intrusion. In this blog, we look at two key workstreams that add security layers making it more difficult for threat actors to achieve this goal.

When it Comes to Cybersecurity, Money Talks

Changes in the cyber insurance industry are driving a change in how organizations are investing in security.

The Next Phase in Cyber Insurance

Cyber claims have departed from lost laptops and basic malware claims and the industry is now realizing that it's less prepared to deal with

ALL
Incident Management
Risk Management
Ransomware
Cyber Insurance
Featured Categories
Which Comes First?

Do we recover first or harden security?

Airiam Podcast: Flight Plan for Ransomware Recovery

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

Enterprise Remediation Part 2: Strategies for Containing and Recovering

In Part Two of our blog with CrowdStrike, we share proven strategies and techniques for effective large-scale remediation efforts.

Enterprise Remediation Part 1: Five Tips for Preparing and Planning

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

8 Mitigation Options to Help Reduce the Impact of a Ransomware Incident

In this blog, we look at 8 examples of best practices that can be implemented to provide for a more resilient architecture.

Investigating Business Email Compromises

Business Email Compromises (BECs) continue to be the one of the top attack vectors, costing organizations over $2.3 billion in 2021. In this blog, we share priorities and key methodologies for investigating these attacks.

Minimizing the Impact: Network Segmentation

Host-based microsegmentation offers a wide range of advantages over legacy counterparts allowing organizations to apply segmentation at much deeper granularity including host, user, or application levels.

Minimizing the Impact: Securing Active Directory

Gaining access to Active Directory is often a goal of threat actors during an intrusion. In this blog, we look at two key workstreams that add security layers making it more difficult for threat actors to achieve this goal.

Incident Management Chronicles: Striking The Right Balance

Finding the right balance between containment, recovery and forensics workstreams is the key to faster and more effective incident response.

Incident Management Chronicles: Recovery vs Forensics

The lines between forensics and recovery can easily blur during incident response. Using an approach that delivers both in parallel helps minimize business interruption and get organizations back online more quickly.

Targeted Containment — Less is More

Prioritize efforts, consolidate focus, succeed.

MOXFIVE, CrowdStrike, and Baker Tilly outline three use cases where our intelligence-led process helped clients recover with speed and precision.

Download the Whitepaper

Our mission is to minimize the business impact of cyber attacks. 

HOW WE CAN HELP

Incident Response

MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.

Learn More

Business Resilience

With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.

Learn More