threat_analyze

Inside the Attack: How Smishing Campaigns Are Evolving with Covert Data Theft Methods

16 May 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, there has been a noticeable increase in attacks carried out by fraudsters. These attackers use various delivery methods, ranging from social media platforms to SMS messages and [...] Read more

Navigating Incident Response When Logs Are Missing

25 April 2025 - Posted in Incident Response by Jok3r

Background: In incident response log collection, you might encounter situations where EDR/XDR solutions or log collectors are not present on a machine. Additionally, some syslogs might be missing. [...] Read more

Achieving Persistence for Harmful Code on Specific Devices

18 April 2025 - Posted in Other by Jok3r

Background: Some modern devices hold significant importance to attackers in the current threat landscape, especially mobile devices. The techniques used vary depending on the operating system [...] Read more

Exfiltrating Data via Images and Why trained Models Aren’t Ready for Malware Core Integration

12 April 2025 - Posted in Other by Jok3r

Background: Today’s cybersecurity landscape is full of different malware families, and one notable type is infostealers. Infostealers operate by executing a payload on the victim’s machine, [...] Read more

Mitigating Cloud Risks: Simple Steps to Prevent Incidents

05 April 2025 - Posted in Hardenings by Jok3r

Background: Based on well-known practices and yearly reviews over the infosec industry channels, a significant part of incidents occurring in the cloud are primarily caused by misconfigurations of [...] Read more

The Evolution of Malware Infection Chains: Analysis of Multiplication and Complexity Over the Years

01 March 2025 - Posted in Other by Jok3r

Background: In a perfect scenario, before malware is executed on a victim's machine, it must go through several stages and specialists. First, a core malware function writer develops its primary [...] Read more

Fortifying Cyber Defenses: Correlating Data Leaks, LLMs, and Official Guidelines to Combat Ransomware

22 February 2025 - Posted in Hardenings by Jok3r

Background: I came across an interesting method that highlights why integrating Threat Intelligence, Official Recommendations, and LLMs can create a more robust perimeter to combat threats like [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

26 January 2025 - Posted in Threat Analyze by Jok3r

Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

22 January 2025 - Posted in Threat Analyze by Jok3r

Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more

Tracking Seized Domains: Checking Your Environment for Harmful Domain IOCs

30 November 2024 - Posted in Threat Analyze by Jok3r

Background: It’s no secret that international law enforcement agencies periodically seize domains linked to cyber threats, criminal activities, and other harmful purposes. Every cybersecurity [...] Read more