Home » Archive for January 2026

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

- Posted in Hardenings by
Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews
Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more

Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems

- Posted in Incident Response by
Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems
Background: During incident response, it’s not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...] Read more

Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility

- Posted in Incident Response by
Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility
Background: Sometimes, when dealing with incidents, there can be situations where logs are not available—especially in cases involving containers that were downloaded from Docker Hub. For example, [...] Read more

Linux Suspicious ELF File Static Analysis Techniques and Approaches

- Posted in Threat Analyze by
Linux Suspicious ELF File Static Analysis Techniques and Approaches
Background: Sometimes during daily cases we see suspicious detections on Linux machines which have hashes that do not exist on popular platforms and we do not have licenses for sandboxes. To resolve [...] Read more