Communicating Incident Response: A Reporting Framework for the C-Suite

- Posted in Incident Response by
Communicating Incident Response: A Reporting Framework for the C-Suite
Background: Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...] Read more

Infinity War: Threat in the Docker Images

- Posted in Other by
Infinity War: Threat in the Docker Images
Background: In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...] Read more

Knock, knock: Why the recent announcement about mobile spyware leak was fake

- Posted in Threat Analyze by
Knock, knock: Why the recent announcement about mobile spyware leak was fake
Background: Recently, a Telegram account announced the publication of source codes related to a mobile spyware. Before drawing any final conclusions, it is important to understand that this [...] Read more

Custom Approaches to Vulnerability Detection in Docker Containers

- Posted in Hardenings by
Custom Approaches to Vulnerability Detection in Docker Containers
Background: Today, the industry already provides the capability to use dedicated scanners for Docker images and containers. However, what if you do not have the budget to acquire such tools? In this [...] Read more

Trusted Insider, Unseen Adversary

- Posted in Other by
Trusted Insider, Unseen Adversary
Background: One of the best examples to understand insider threats or similar risks is to look at the case of DPRK (North Korean) IT workers. This is becoming one of the most widespread risks related [...] Read more

Not the First, Not the Last: Understanding the 16 Billion Infostealer Leak

- Posted in Threat Analyze by
Not the First, Not the Last: Understanding the 16 Billion Infostealer Leak
Background: Recently, the media reported on a leak of 16 billion cleartext passwords that were found on an underground platform. As a result, the team behind the discovery noticed that the names of [...] Read more

The Invisible Threat: How to Detect Physical Keystroke Injection Implants

- Posted in Threat Analyze by
The Invisible Threat: How to Detect Physical Keystroke Injection Implants
Background: In today's cybersecurity landscape, there are many attack types. One of them is hardware-based, which can be leveraged by threat actors to connect special keystroke injection devices into [...] Read more

No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch

- Posted in Threat Analyze by
No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch
Background: Linux malware is a rare example that can be encountered within an environment during its functional process. This presents a real challenge for beginners attempting malware analysis [...] Read more

Defending Against ClickFix and FakeCaptcha: Detection Techniques for Modern Malware Campaigns

- Posted in Hardenings by
Defending Against ClickFix and FakeCaptcha: Detection Techniques for Modern Malware Campaigns
Background: ClickFix or FakeCaptcha attacks have become a common component of many attack campaigns. These techniques enable threat actors, with the user's unwitting assistance, to execute arbitrary [...] Read more

Hardcoded Hazards: Detecting Secret Leaks in Source Code

- Posted in Other by
Hardcoded Hazards: Detecting Secret Leaks in Source Code
Background: Organizations often invest significant resources in research and development (R&D), which can carry substantial risks—especially when sensitive information is inadvertently exposed [...] Read more
Page 5 of 10