Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers

- Posted in Other
Background: In my recent articles, we discussed various supply chain attack scenarios at length. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...]

Adversarial nation IT talent

- Posted in Other
Background: Sometimes, as an organization grows, it needs to hire specialists for remote work. However, you can never be certain whether the person standing opposite you is an impostor attempting to [...]

Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART 2 Final]

- Posted in Incident Response
Background: In our previous article, we discussed and compared various tools that facilitate the acquisition of volatile memory. In this article we are going to cover the final part of our challenge to [...]

State-Linked Hacker Toolset Analysis & Defense Blueprint

- Posted in Threat Analyze
Background: Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (state-sponsored) systems. As cybersecurity defenders, we [...]

Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART1]

- Posted in Incident Response
Background: During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...]

Essential Data Acquisition and Digital Forensics for Incident Responders

- Posted in Incident Response
Background: In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...]

Communicating Incident Response: A Reporting Framework for the C-Suite

- Posted in Incident Response
Background: Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...]

Infinity War: Threat in the Docker Images

- Posted in Other
Background: In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...]

Knock, knock: Why the recent announcement about mobile spyware leak was fake

- Posted in Threat Analyze
Background: Recently, a Telegram account announced the publication of source code related to a mobile spyware. Before drawing any final conclusions, it is important to understand that this [...]

Custom Approaches to Vulnerability Detection in Docker Containers

- Posted in Hardenings
Background: Today, the industry already provides the capability to use dedicated scanners for Docker images and containers. However, what if you do not have the budget to acquire such tools? In this [...]
Page 5 of 11