# Stav Setty

Stav Setty, researcher, enterprise R and D, Cortex, Palo Alto Networks

## Blogs by Stav Setty

### [Boosting Identity Security with Cortex XDR/XSIAM Honey Users](https://www.paloaltonetworks.com/blog/security-operations/boosting-identity-security-with-cortex-xdr-honey-users/)

Categories: [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

Learn how Cortex XDR's Identity Threat Detection and Response (ITDR) leverages honey users to enhance identity security by detecting and deceiving attackers.

Oct 06, 2024. By [Stav Setty](https://www.paloaltonetworks.com/blog/author/stav-setty/?ts=markdown) and [Shachar Roitman](https://www.paloaltonetworks.com/blog/author/shachar-roitman/?ts=markdown)

### [Behind the Curtains of a Vendor Email Compromise (VEC) Attack](https://www.paloaltonetworks.com/blog/security-operations/behind-the-curtains-of-a-vendor-email-compromise-vec-attack/)

Categories: [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

The blog describes a phishing campaign abusing a Vendor Email Compromise (VEC) attack.

Jun 21, 2023. By [Stav Setty](https://www.paloaltonetworks.com/blog/author/stav-setty/?ts=markdown) and [Tom Fakterman](https://www.paloaltonetworks.com/blog/author/tom-fakterman/?ts=markdown)

### [Detecting the Kerberos noPac Vulnerabilities with Cortex XDR™](https://www.paloaltonetworks.com/blog/security-operations/detecting-the-kerberos-nopac-vulnerabilities-with-cortex-xdr/)

Categories: [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

Cortex XDR detects the Kerberos noPac vulnerabilities (CVE-2021-42278 and CVE-2021-42287) leveraging behavioral analytics.

Jan 10, 2022. By [Stav Setty](https://www.paloaltonetworks.com/blog/author/stav-setty/?ts=markdown) and [Aviad Meyer](https://www.paloaltonetworks.com/blog/author/aviad-meyer/?ts=markdown)

### [Stopping "PowerShell without PowerShell" Attacks](https://www.paloaltonetworks.com/blog/security-operations/stopping-powershell-without-powershell/)

Categories: [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

Executive Summary: The Cortex XDR Security Research Team recently observed "PowerShell without PowerShell" activity involving PowerShell commands and scripts that do not directly invoke the powershell.exe binary. PowerShell commands and scripts can ...

Feb 09, 2021. By [Stav Setty](https://www.paloaltonetworks.com/blog/author/stav-setty/?ts=markdown) and [Aviad Meyer](https://www.paloaltonetworks.com/blog/author/aviad-meyer/?ts=markdown)

### [Detecting VBA Process Hollowing With Cortex XDR](https://www.paloaltonetworks.com/blog/security-operations/detecting-vba-process-hollowing-with-cortex-xdr/)

Categories: [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

Overview: Palo Alto Networks' Unit 42 threat research team observed recent activity involving an advanced Visual Basic for Applications (VBA) technique, VBA-RunPE. VBA-RunPE is an implementation of the RunPE technique in VBA. ...

Sep 26, 2020. By [Stav Setty](https://www.paloaltonetworks.com/blog/author/stav-setty/?ts=markdown) and [Aviad Meyer](https://www.paloaltonetworks.com/blog/author/aviad-meyer/?ts=markdown)