Incident Response

RSS

It takes two: The 2025 Sophos Active Adversary Report

Security Operations

Threat Research

Active Adversary

Active Adversary Report

Compromised Credentials

detection

dwell time

Featured

impact

incident response

LOLBIN

MFA

Monitoring

RDP

Remote Ransomware

root cause

It takes two: The 2025 Sophos Active Adversary Report

Security Operations

Threat Research

Active Adversary

Active Adversary Report

Featured

incident response

LoLBINs

MDR.

RDP

The Bite from Inside: The Sophos Active Adversary Report

Qilin ransomware caught stealing credentials stored in Google Chrome

Security Operations

Threat Research

Credentials

Featured

incident response

Privacy

qilin

Ransomware

Qilin ransomware caught stealing credentials stored in Google Chrome

Security Operations

Threat Research

AnyDesk

Featured

incident response

mad liberator

malware

Social engineering

Don’t get Mad, get wise

Security Operations

Threat Research

Active Adversary

Active Adversary Report

Featured

incident response

RDP

Sophos X-Ops

RD Web Access abuse: Fighting back

Products & Services

CIR

Featured

incident response

NCSC

Sophos IR

Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status

Security Operations

Threat Research

data extraction

DFIR

Encryption

Featured

incident response

MDR.

Ransomware

Sophos X-Ops

virtual machine

Extracting data from encrypted virtual disks: six seven methods

Threat Research

Active Adversary

Active Adversary Report

Case Study

Featured

incident response

RDP

Sophos X-Ops

It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024

Security Operations

Threat Research

Active Adversary

Active Adversary Report

Featured

incident response

Incident response tools

MDR.

RDP

Sophos X-Ops

Remote Desktop Protocol: The Series