Background:
A few days ago, there was a notification about a memory leak issue (CVE) affecting MongoDB. Shortly after, a proof-of-concept (POC) was released on one of the version control channels. As [...]
Background:
As AI technologies rapidly advance, it is essential for us as cybersecurity specialists to understand how we can defend against emerging threats. One scenario that comes to mind is the [...]
Background:
As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...]
Background:
Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...]
Background:
Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (state-sponsored) systems. As cybersecurity defenders, we [...]
Background:
During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...]
Background:
Recently, a Telegram account announced the publication of source code related to mobile spyware. Before drawing any final conclusions, it is important to understand that this [...]
Background:
Today, the industry already provides the capability to use dedicated scanners for Docker images and containers. However, what if you do not have the budget to acquire such tools? In this [...]
Background:
Linux malware is a rare example that can be encountered within an environment during its functional process. This presents a real challenge for beginners attempting malware analysis [...]
Background:
ClickFix or FakeCaptcha attacks have become a common component of many attack campaigns. These techniques enable threat actors, with the user's unwitting assistance, to execute arbitrary [...]