Background:
Sometimes, as an organization grows, it needs to hire specialists for remote work. However, you can never be certain whether the person standing opposite you is an impostor attempting to [...] Read more
Background: In our previous article, we discussed and compared various tools that facilitate the acquisition of volatile memory. In this article we are going to cover the final part of our challenge to [...] Read more
Background:
Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (state-sponsored) systems. As cybersecurity defenders, we [...] Read more
Background:
During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...] Read more
Background:
In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...] Read more
Background:
Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...] Read more
Background:
In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...] Read more
Background:
Recently, a Telegram account announced the publication of source code related to mobile spyware. Before drawing any final conclusions, it is important to understand that this [...] Read more
Background:
Today, the industry already provides the capability to use dedicated scanners for Docker images and containers. However, what if you do not have the budget to acquire such tools? In this [...] Read more
Background: One of the best examples to understand insider threats or similar risks is to look at the case of DPRK (North Korean) IT workers. This is becoming one of the most widespread risks related [...] Read more