Home » Archive for January 2025

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

- Posted in Threat Analyze by
Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients
Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

- Posted in Threat Analyze by
Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery
Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more

Identifying the Root Cause of Cybersecurity Incidents Involving Exploit Detonation on Windows Machines

- Posted in Incident Response by
Identifying the Root Cause of Cybersecurity Incidents Involving Exploit Detonation on Windows Machines
Background: During the incident response stage of "Log Collection," it is highly valuable to collect comprehensive data from the servers, especially when the affected system is running Windows OS. [...] Read more

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

- Posted in Threat Analyze by
Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project
Backgound: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...] Read more