Native Linux Incident Response: Evidence Collection Without Third-Party Tools

- Posted in Incident Response by
Background: That being said, the incident response subprocess, from the perspective of budgeting and complexity, is not necessarily easy. However, today's tooling and built-in tools provide us with [...]

The Evolution of Malware Infection Chains: Analysis of Multiplication and Complexity Over the Years

- Posted in Other by
Background: In a perfect scenario, before malware is executed on a victim's machine, it must go through several stages and specialists. First, a core malware function writer develops its primary [...]

Fortifying Cyber Defenses: Correlating Data Leaks, LLMs, and Official Guidelines to Combat Ransomware

- Posted in Hardenings by
Background: I came across an interesting method that highlights why integrating Threat Intelligence, Official Recommendations, and LLMs can create a more robust perimeter to combat threats like [...]

Cybersecurity for Brand Protection: Methods to Detect Digital Threats

- Posted in Incident Response by
Background: Brand protection is one of the pillars of your online business. When your digital presence is impactful, various threat actors and similar entities may try to exploit it by impersonating [...]

From Sigma to Scale: Enhancing SIEM Detection Engineering in Cloud Environments

- Posted in Hardenings by
Background: It's no surprise that even security tools require maintenance, especially when scaling. Based on your chosen strategy, security detection engineers should review their environment every [...]

T1590.001: Exposed Domain Registration Records – A Tool for Both Threat Actors and Cyber Defenders

- Posted in Hardenings by
Background: Before coming across this shared article, I noticed an interesting correlation: sometimes, domain registrar customers forget to enable email privacy. Once this oversight is discovered, [...]

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

- Posted in Threat Analyze by
Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...]

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

- Posted in Threat Analyze by
Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...]

Identifying the Root Cause of Cybersecurity Incidents Involving Exploit Detonation on Windows Machines

- Posted in Incident Response by
Background: During the incident response stage of "Log Collection," it is highly valuable to collect comprehensive data from the servers, especially when the affected system is running Windows OS. [...]

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

- Posted in Threat Analyze by
Background: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...]