Home » Posts tagged incident_response

Unlocking Security: SBOM Benefits for Container Investigations

- Posted in Threat Analyze by
Unlocking Security: SBOM Benefits for Container Investigations
Background: During the incident response analysis stage, it is mandatory to answer the question of how the attacker appeared inside the environment. This becomes especially challenging when dealing [...] Read more

Spotting Threats in Autonomous AI: Essential Skills for Agentic Systems

- Posted in Incident Response by
Spotting Threats in Autonomous AI: Essential Skills for Agentic Systems
Background: The OpenClaw agentic solution has an interaction feature related to feeding independent developer skills from the specific marketplace. The feature name is 'skills,' which is misleadingly [...] Read more

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

- Posted in Hardenings by
Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews
Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 3

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 3
Background: In our latest research related to forensic traces left by IDEs, let's look into the Cursor AI IDE. Traces: As in our previous research, we saw that some of its components rely on VS Code. [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 2

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 2
Background: As we continue our research around agentic IDEs which can leave traces, because at some IR stages you need to deal with such things—especially when an engineer's machine was involved in [...] Read more

Agentic AI challenges in IDE: Forensic and extraction of traces PART 1

- Posted in Incident Response by
Agentic AI challenges in IDE: Forensic and extraction of traces PART 1
Background: With the rise of AI companions and agentic features in popular IDEs, these tools can now execute commands with user consent. This presents new challenges for digital forensic specialists, [...] Read more

AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies

- Posted in Threat Analyze by
AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies
Background: As AI technologies rapidly advance, it is essential for us as cybersecurity specialists to understand how we can defend against emerging threats. One scenario that comes to mind is the [...] Read more

Hunting for Threats in the Dark: Leverage AI Technology to Support Your Investigation

- Posted in Incident Response by
Hunting for Threats in the Dark: Leverage AI Technology to Support Your Investigation
Background: Threat actors have been leveraging AI in their attacks for some time now. Through searching for answers on how we as IR specialists can stand against this threat, I have come to a simple [...] Read more

Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases

- Posted in Incident Response by
Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases
Background: In the incident response discipline, it is often necessary to carry hardware in our bags that can make daily tasks more manageable. In our previous articles, we discussed how to leverage [...] Read more

Defensive Edge: Adapting Red Team Hardware for IR

- Posted in Incident Response by
Defensive Edge: Adapting Red Team Hardware for IR
Background: Red team specialists often use specialized hardware during operations. However, don't worry—this hardware isn't exclusive to red teams. Incident responders also can use some of hardware [...] Read more
Page 2 of 4