Home » Archive for 2025

Researching CVE-2025-14847 (Mongo memory leak): Defensive Strategies and Detection Techniques

- Posted in Threat Analyze by
Researching CVE-2025-14847 (Mongo memory leak): Defensive Strategies and Detection Techniques
Background: A few days ago, there was a notification about a memory leak issue (CVE) affecting MongoDB. Shortly after, a proof-of-concept (POC) was released on one of the version control channels. As [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 3

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 3
Background: In our latest research related to forensic traces left by IDEs, let's look into the Cursor AI IDE. Traces: As in our previous research, we saw that some of its components rely on VS Code. [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 2

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 2
Background: As we continue our research around agentic IDEs which can leave traces, because at some IR stages you need to deal with such things—especially when an engineer's machine was involved in [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 1

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 1
Background: With the rise of AI companions and agentic features in popular IDEs, these tools can now execute commands with user consent. This presents new challenges for digital forensic specialists, [...] Read more

AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies

- Posted in Threat Analyze by
AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies
Background: As AI technologies rapidly advance, it is essential for us as cybersecurity specialists to understand how we can defend against emerging threats. One scenario that comes to mind is the [...] Read more

Hunting for Threats in the Dark: Leverage AI Technology to Support Your Investigation

- Posted in Incident Response by
Hunting for Threats in the Dark: Leverage AI Technology to Support Your Investigation
Background: Threat actors have been leveraging AI in their attacks for some time now. Through searching for answers on how we as IR specialists can stand against this threat, I have come to a simple [...] Read more

Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases

- Posted in Incident Response by
Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases
Background: In the incident response discipline, it is often necessary to carry hardware in our bags that can make daily tasks more manageable. In our previous articles, we discussed how to leverage [...] Read more

Defensive Edge: Adapting Red Team Hardware for IR

- Posted in Incident Response by
Defensive Edge: Adapting Red Team Hardware for IR
Background: Red team specialists often use specialized hardware during operations. However, don't worry—this hardware isn't exclusive to red teams. Incident responders also can use some of hardware [...] Read more

Cross-Linux Distro Forensic Data Collection Techniques for IR

- Posted in Incident Response by
Cross-Linux Distro Forensic Data Collection Techniques for IR
Background: One of the IR stages is the "collection" stage, which occurs between containment and analysis. We sometimes need to collect evidence from Kubernetes pods or Docker containers, which can [...] Read more

Evidence Collection on Linux Without External Toolkits

- Posted in Incident Response by
Evidence Collection on Linux Without External Toolkits
Background: During incident response, time constraints can make it difficult to fully understand the scope of an incident. This challenge becomes even greater when our existing toolset does not [...] Read more
Page 1 of 6