2025 - Cybersecurity threat portal

Challenges of Digital Drives: File Recovery in Practice Without Expensive Tools [ Final Part ]

22 March 2025 - Posted in Incident Response by Jok3r

Background: In the previous article, we discussed how files are stored inside drives and highlighted the essential metrics to consider after acquiring the storage footprint. Now, we will dive deeper [...] Read more

Challenges of Digital Drives: Footprint Integrity and Binary View During Incident Response Log Collection

14 March 2025 - Posted in Incident Response by Jok3r

Background: In one of our previous articles, I've introduced the process of preparing a USB drive/tool for forensic analysis. Now, it is time to delve one level deeper and explore the key points that [...] Read more

Native Linux Incident Response: Evidence Collection Without Third-Party Tools

08 March 2025 - Posted in Incident Response by Jok3r

Background: That being said, the incident response subprocess, from the perspective of budgeting and complexity, is not necessarily easy. However, today's tooling and built-in tools provide us with [...] Read more

The Evolution of Malware Infection Chains: Analysis of Multiplication and Complexity Over the Years

01 March 2025 - Posted in Other by Jok3r

Background: In a perfect scenario, before malware is executed on a victim's machine, it must go through several stages and specialists. First, a core malware function writer develops its primary [...] Read more

Fortifying Cyber Defenses: Correlating Data Leaks, LLMs, and Official Guidelines to Combat Ransomware

22 February 2025 - Posted in Hardenings by Jok3r

Background: I came across an interesting method that highlights why integrating Threat Intelligence, Official Recommendations, and LLMs can create a more robust perimeter to combat threats like [...] Read more

Cybersecurity for Brand Protection: Methods to Detect Digital Threats

16 February 2025 - Posted in Incident Response by Jok3r

Background: Brand protection is one of the pillars of your online business. When your digital presence is impactful, various threat actors and similar entities may try to exploit it by impersonating [...] Read more

From Sigma to Scale: Enhancing SIEM Detection Engineering in Cloud Environments

11 February 2025 - Posted in Hardenings by Jok3r

Background: It's no surprise that even security tools require maintenance, especially when scaling. Based on your chosen strategy, security detection engineers should review their environment every [...] Read more

T1590.001: Exposed Domain Registration Records – A Tool for Both Threat Actors and Cyber Defenders

04 February 2025 - Posted in Hardenings by Jok3r

Background: Before coming across this shared article, I noticed an interesting correlation: sometimes, domain registrar customers forget to enable email privacy. Once this oversight is discovered, [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

26 January 2025 - Posted in Threat Analyze by Jok3r

Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

22 January 2025 - Posted in Threat Analyze by Jok3r

Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more