November 2024

Tracking Seized Domains: Checking Your Environment for Harmful Domain IOCs

30 November 2024 - Posted in Threat Analyze by Jok3r

Background: It’s no secret that international law enforcement agencies periodically seize domains linked to cyber threats, criminal activities, and other harmful purposes. Every cybersecurity [...] Read more

Weaponizing Trust: The Fight Against Signed Malicious Code

25 November 2024 - Posted in Other by Jok3r

Background: During the MITRE ATT&CK Initial Access stage (T1199), attackers often impersonate trusted sources to gain a foothold in the target environment. By originating their activities from [...] Read more

Scalable Snapshot Management in the Cloud for Windows and Linux Systems: Best Practices for Data Security and Forensics

15 November 2024 - Posted in Incident Response by Jok3r

Background: During a cybersecurity incident in the cloud, one of the mandatory steps is to take a snapshot of the machine that contains the threat, isolate it, and preserve the snapshot or filesystem [...] Read more

Technical Detection of Typo-Squatted Campaigns: A Case Study on Roblox Game Account Hijacking

09 November 2024 - Posted in Threat Analyze by Jok3r

Background: A few days ago, UNIT42 reported tracking an active phishing campaign targeting Roblox game players, which is hugely popular worldwide. In a previous article, I covered the broader threats [...] Read more

From Interviews to Infections: The Dangerous Trend of Cybercriminals in Job Recruitment

02 November 2024 - Posted in Threat Analyze by Jok3r

Background: Over the years, the tactics, techniques, and procedures (TTPs) of attackers have evolved significantly. Recently, APT groups have used new methods that have also been adopted by average [...] Read more