Introduction While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console sessions differ profoundly across cloud providers in ways that obfuscate the original a…
Category: Interesting Stuff
Hard disks are the containers that hold our evidence files. From the investigator’s perspective, understanding them is mandatory for every forensic analyst, as they can provide valuable information within the investigation. As the investigator is required to handle the case with caution to preserve…
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when specific conditions were satisfied. Today, af…
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report. Remote Desktop Protocol: The Series Part 1: Remote Desktop Protocol: Introduction (post, video) Part 2: Remote Desktop P…
The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, including internet innovations, software development, consumer electronics, and digita…
Must-Read Cybersecurity Blogs [List of Blogs & Websites] 1. Unsupervised Learning An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interes…
Experience Level required: beginner. In this blog we will learn how to analyze MS Office macro-enabled documents. 1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5 2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99 Let’s see the sample in Virus Tot…
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and receive data across shared or public networks as if their computing devices were directly connected to a private network. This…
Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides detailed coverage of security threats, breaches, cybercrime, and other related topics aimed at educating re…
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious sec…
Cyber threat intelligence (CTI) is a framework for collecting, processing, and analyzing information about potential or ongoing cyber threats. Put simply, it’s the collection of various types of threat intelligence, such as IOCs, TTPs used by threat actors, and their motivations and capabilit…
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick use…
Attacker launches password spray Attacker Password spray: hydra -L users.txt -P seasons-2023.txt 192.168.37.237 smb -u Defender Count successful (4624) and failed (4625) logins: Get-WinEvent -Path C:labsvalkyrie-security-logons.evtx | Group-Object id -NoElement | sort count Attacker uses spra…
What is CyberChef? CyberChef – The Cyber Swiss Army Knife – is a web-based utility that allows analysts to manipulate or transform inputs based on a series of steps called a recipe. The versatile tool is used by a wide range of individuals, including cybersecurity analysts, researchers, and enthusia…
We hear about “cyber attacks” in the news every week! But – what actually happens ‘during’ the attack, what happens in the background, behind the scenes, from the moment the event ‘begins’ until the moment it’s realized something is amiss? Or worse – when it’s not realized something is amiss a…