T1590.001: Exposed Domain Registration Records – A Tool for Both Threat Actors and Cyber Defenders

- Posted in Hardenings by
Background: Before coming across this shared article, I noticed an interesting correlation: sometimes, domain registrar customers forget to enable email privacy. Once this oversight is discovered, [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

- Posted in Threat Analyze by
Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more

Silent Intrusion: Sophisticated Threat Actor Exploits Fake Job Offers and Video Calls for Malware Delivery

- Posted in Threat Analyze by
Background: In one of my previous articles, I covered the challenges associated with fake job interviews. This type of attack has also been leveraged by highly sophisticated groups. I would like to [...] Read more

Identifying the Root Cause of Cybersecurity Incidents Involving Exploit Detonation on Windows Machines

- Posted in Incident Response by
Background: During the incident response stage of "Log Collection," it is highly valuable to collect comprehensive data from the servers, especially when the affected system is running Windows OS. [...] Read more

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

- Posted in Threat Analyze by
Background: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...] Read more

When APTs Knock on Your Wi-Fi: Real-World Lessons for Better Security

- Posted in Other by
Background: Recently, I came across a notification about a highly targeted attack against a U.S. company, where the attacker exploited a neighboring network to perform lateral movement into the [...] Read more

Strategies for Discovering C2 Servers During the Incident Response Log Collection and Analyze Stage

- Posted in Other by
Background: During malware analysis on assets, one of the best approaches is not only to focus on identifying the exact malware but also to look for signs of other malware based on external calls [...] Read more

Tracking Seized Domains: Checking Your Environment for Harmful Domain IOCs

- Posted in Threat Analyze by
Background: It’s no secret that international law enforcement agencies periodically seize domains linked to cyber threats, criminal activities, and other harmful purposes. Every cybersecurity [...] Read more

Weaponizing Trust: The Fight Against Signed Malicious Code

- Posted in Other by
Background: During the MITRE ATT&CK Initial Access stage (T1199), attackers often impersonate trusted sources to gain a foothold in the target environment. By originating their activities from [...] Read more

Scalable Snapshot Management in the Cloud for Windows and Linux Systems: Best Practices for Data Security and Forensics

- Posted in Incident Response by
Background: During a cybersecurity incident in the cloud, one of the mandatory steps is to take a snapshot of the machine that contains the threat, isolate it, and preserve the snapshot or filesystem [...] Read more