Background: In our previous article, we discovered the steps to reveal the root cause of the incident that involved the Claude AI agentic desktop.
In this article we shall discuss Google Gemini [...] Read more
Background:
During incident response, log analysis stages may involve built-in or installed operating system AI helpers such as Claude, OpenAI, and others. Previously, we discussed traces related to [...] Read more
Background:
Sometimes during incident response, specialists need to understand the root cause of the incident as quickly as possible. This understanding helps us mitigate the issue and restore [...] Read more
Background:
Only looking into well-known attack patterns found in Chrome and other browser extensions is not enough. Since we work daily with IDEs, there is another potential attacker [...] Read more
Background:
During the incident response analysis stage, it is mandatory to answer the question of how the attacker appeared inside the environment. This becomes especially challenging when dealing [...] Read more
Background:
The OpenClaw agentic solution has an interaction feature related to feeding independent developer skills from the specific marketplace. The feature name is 'skills,' which is misleadingly [...] Read more
Background: Because the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...] Read more
Background:
While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more
Background: During incident response, it’s not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...] Read more
Background:
Sometimes, when dealing with incidents, there can be situations where logs are not available—especially in cases involving containers that were downloaded from Docker Hub. For example, [...] Read more