When APTs Knock on Your Wi-Fi: Real-World Lessons for Better Security

- Posted in Other by
Background: Recently, I came across a notification about a highly targeted attack against a U.S. company, where the attacker exploited a neighboring network to perform lateral movement into the [...]

Strategies for Discovering C2 Servers During the Incident Response Log Collection and Analysis Stage

- Posted in Other by
Background: During malware analysis on assets, one of the best approaches is not only to focus on identifying the exact malware but also to look for signs of other malware based on external calls [...]

Tracking Seized Domains: Checking Your Environment for Harmful Domain IOCs

- Posted in Threat Analyze by
Background: It’s no secret that international law enforcement agencies periodically seize domains linked to cyber threats, criminal activities, and other harmful purposes. Every cybersecurity [...]
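As an added example covering both the C2-discovery approach in the log collection article above and the seized-domain check here (this is not code from either article): a Python script that parses a few constructed DNS-style log lines, matches each queried name against a constructed IOC list with suffix matching so that subdomains of a seized domain are caught, and lists the rarest external destinations as candidates for manual C2 review. The log format, the IOC domains and the hostnames are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed IOC list (hypothetical names, not a real seizure notice).
SEIZED_DOMAINS = {"malicious-example.net", "c2-example.org"}

# Constructed DNS-style log lines: "<timestamp> <client-ip> <queried-fqdn>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 update.microsoft.com
2024-05-01T10:00:02Z 10.0.0.7 login.malicious-example.net
2024-05-01T10:00:03Z 10.0.0.5 update.microsoft.com
2024-05-01T10:00:04Z 10.0.0.9 cdn.example.com
2024-05-01T10:00:05Z 10.0.0.7 C2-EXAMPLE.ORG.
2024-05-01T10:00:06Z 10.0.0.5 rare-host.example-beacon.info
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<fqdn>\S+)$")


def normalize(fqdn):
    """Lower-case and drop the trailing dot so IOC comparison is exact."""
    return fqdn.strip().lower().rstrip(".")


def parse_log(text):
    """Yield (timestamp, client, fqdn) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["client"], normalize(m["fqdn"])


def matches_ioc(fqdn, iocs):
    """Return the IOC that fqdn equals or is a subdomain of, else None.

    Walks the label suffixes (a.b.c -> a.b.c, b.c, c) so that
    login.seized.example matches an IOC entry of seized.example.
    """
    labels = fqdn.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def find_ioc_hits(text, iocs=SEIZED_DOMAINS):
    """All log records whose queried name hits an IOC, with the IOC matched."""
    hits = []
    for ts, client, fqdn in parse_log(text):
        ioc = matches_ioc(fqdn, iocs)
        if ioc:
            hits.append((ts, client, fqdn, ioc))
    return hits


def rare_destinations(text, max_count=1):
    """Names queried at most max_count times: the low-frequency destinations
    that the C2 discovery step should put in front of an analyst."""
    counts = Counter(fqdn for _, _, fqdn in parse_log(text))
    return sorted(f for f, n in counts.items() if n <= max_count)


if __name__ == "__main__":
    for ts, client, fqdn, ioc in find_ioc_hits(SAMPLE_LOG):
        print(f"IOC HIT {ts} {client} -> {fqdn} (matches {ioc})")
    for fqdn in rare_destinations(SAMPLE_LOG):
        print(f"REVIEW rare destination: {fqdn}")
```

Two caveats worth keeping in mind: suffix matching means a bare TLD or a shared-hosting parent domain in the IOC list would match everything beneath it, so review the list before loading it; and the rarity heuristic is only a triage starting point, since a beaconing implant may query its C2 name frequently, not rarely.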

Weaponizing Trust: The Fight Against Signed Malicious Code

- Posted in Other by
Background: Under the MITRE ATT&CK Initial Access tactic, specifically Trusted Relationship (T1199), attackers often impersonate trusted sources to gain a foothold in the target environment. By originating their activities from [...]

Scalable Snapshot Management in the Cloud for Windows and Linux Systems: Best Practices for Data Security and Forensics

- Posted in Incident Response by
Background: During a cybersecurity incident in the cloud, one of the mandatory steps is to take a snapshot of the machine that contains the threat, isolate it, and preserve the snapshot or filesystem [...]

Technical Detection of Typo-Squatted Campaigns: A Case Study on Roblox Game Account Hijacking

- Posted in Threat Analyze by
Background: A few days ago, UNIT42 reported tracking an active phishing campaign targeting players of Roblox, a game that is hugely popular worldwide. In a previous article, I covered the broader threats [...]
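As an added example, not taken from the UNIT42 report or from the article: Python that generates typo-squatting variants of a brand label (omission, doubled letter, adjacent transposition, homoglyph substitution) and triages candidate domains by exact variant match, by Levenshtein distance, or by the brand string being embedded in a longer label or a subdomain. The homoglyph map, the candidate domains and the choice of "roblox" as the brand label are assumptions for illustration.

```python
# Constructed ASCII homoglyph map; extend it for the brand under review.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "b": "d", "m": "rn"}


def typo_variants(label):
    """Single-edit typo-squat variants of a brand label: omission,
    doubled letter, adjacent transposition and homoglyph substitution."""
    out = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])                  # omission
        out.add(label[:i] + label[i] * 2 + label[i + 1:])   # doubled letter
        if i < n - 1:                                       # transposition
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        sub = HOMOGLYPHS.get(label[i])
        if sub:                                             # homoglyph
            out.add(label[:i] + sub + label[i + 1:])
    out.discard(label)
    return out


def levenshtein(a, b):
    """Edit distance, so single-character typos not in the variant set are still caught."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Label left of the public suffix. Assumption: single-label suffixes
    only (co.uk-style suffixes would need a public suffix list)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain, brand="roblox", max_distance=1):
    """One of: brand, typosquat, brand-embedded, unrelated."""
    domain = domain.lower().rstrip(".")
    label = registrable_label(domain)
    variants = typo_variants(brand)
    if label == brand:
        return "brand"
    if label in variants or levenshtein(label, brand) <= max_distance:
        return "typosquat"
    # Brand (or a near-variant) buried in a longer label or in a subdomain,
    # e.g. roblox-rewards.example or roblox.com.secure-login.example.
    long_variants = {v for v in variants if len(v) >= len(brand) - 1}
    if brand in domain or any(v in label for v in long_variants):
        return "brand-embedded"
    return "unrelated"


def triage(domains, brand="roblox"):
    """Map each candidate to its class, ordered so squats surface first."""
    order = {"typosquat": 0, "brand-embedded": 1, "brand": 2, "unrelated": 3}
    result = {d: classify(d, brand) for d in domains}
    return dict(sorted(result.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed candidate list (none of these are real campaign domains).
CANDIDATES = [
    "roblox.com", "rolbox.net", "Rob1ox.com", "robIox.com",
    "free-r0blox-rewards.com", "roblox.com.secure-login.xyz",
    "google.com", "rbxlogin.com",
]

if __name__ == "__main__":
    for domain, verdict in triage(CANDIDATES).items():
        print(f"{verdict:15} {domain}")
```

Feed it newly registered domains or names pulled from proxy and DNS logs. The last candidate shows the limit of string-distance checks: an abbreviation such as "rbx" carries the brand to players but shares too few characters with it, so keyword lists for a brand's slang and product names are still needed alongside the variant generator.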

From Interviews to Infections: The Dangerous Trend of Cybercriminals in Job Recruitment

- Posted in Threat Analyze by
Background: Over the years, the tactics, techniques, and procedures (TTPs) of attackers have evolved significantly. Recently, APT groups have used new methods that have also been adopted by average [...]

Preparing and Building Forensic Tools for Volatile Memory Acquisition: Techniques and Best Practices [ Part 2.5 ]

- Posted in Incident Response by
Background: In my previous article, I covered, at a high level, all the necessary actions required to prepare for volatile memory dumping in the case of a cybersecurity incident. This process is [...]

Building a Forensic USB Drive: Tools and Techniques for Imaging [ PART 1.5 ]

- Posted in Incident Response by
Background: In a previous article, I discussed the high-level preparations needed to acquire an image of a machine requiring forensic analysis. However, have you considered the caveats related to [...]

The Dark Side of Integration: Risks of Windows OS hooks in Malicious Hands

- Posted in Threat Analyze by
Background: Much of what happens in the Windows UI layer goes through hooks: callback mechanisms, installed through APIs such as SetWindowsHookEx, that let a DLL intercept messages and events such as keystrokes and mouse input before they reach their target window. Through [...]
Page 1 of 3