Author: Francis Guibernau

Francis Guibernau is a Senior Adversary Research Engineer and member of the Adversary Research Team (ART) at AttackIQ. Francis conducts in-depth threat research and analysis to design and create highly sophisticated and realistic adversary emulations. He also coordinates the Cyber Threat Intelligence (CTI) project, which focuses on researching, analyzing, tracking, and documenting adversaries, malware families, and cybersecurity incidents. Francis has extensive experience in adversary intelligence, encompassing both Nation-State and eCrime threats, as well as in vulnerability assessment and management, having previously worked at Deloitte and BNP Paribas.
    Adversary Emulation, AvosLocker, Ransomware, TTPs, US-CERT Alert, US-CERT Alert Response

    Attack Graph Response to CISA Advisory (AA23-284A): #StopRansomware: AvosLocker Ransomware

    November 1, 2023
    AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-284A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with AvosLocker ransomware identified through FBI investigations as recent as May 2023. AvosLocker is known for conducting activities against organizations across multiple critical infrastructure sectors using legitimate software and open-source remote system administration tools.
    Read More
    Adversary Emulation, Ransomware

    Emulating the Commodity Downloader GootLoader

    October 9, 2023
    AttackIQ has released three new attack graphs that aim to emulate the recent activities involving the commodity JavaScript-based downloader known as GootLoader.
    Read More
    Ransomware

    Emulating the Controversial and Intriguing Rhysida Ransomware

    September 20, 2023
    AttackIQ has released two new attack graphs that seek to emulate the various activities carried out by the controversial Ransomware-as-a-Service (RaaS) known as Rhysida against multiple targets worldwide since its discovery in May 2023.
    Read More
    AttackIQ, Cloud Security

    The Uncharted Waters of Cloud Security Optimization

    September 19, 2023
    Programmatic cloud testing can be your true north.
    Read More
    Adversary Emulation, North Korea

    Response to Lazarus’ 3CX Supply Chain Compromise

    April 14, 2023
    AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on keyboard activity led by Lazarus Group.
    Read More