Large Language Model It’s a type of AI model built using Machine Learning (ML) techniques that can understand, generate, and interact in human language. LLMs are trained on massive datasets (books,...

A Venn diagram that represents the relationship between Threat Intelligence, Threat Hunting, and Digital Forensics and Incident Response (DFIR) can be a great way to visualize how these three...

Session hijacking is a type of cyber attack where an attacker gains unauthorized access to a user session. This typically involves stealing or manipulating a session token or session identifier,...

The word "auditing" is used in most technologies in a variety of contexts. As a SOC analyst, I hear the term "log auditing" at least a dozen times throughout a work shift. Mostly it will be related...

DNS (Domain Name System) status codes, also known as DNS response codes or DNS error codes, are numerical codes that indicate the outcome of a DNS query. When a device, such as a web browser, tries...

Data Loss Prevention (DLP) systems are designed to prevent the unauthorized disclosure or leakage of sensitive information from an organization. However, like any security measure, DLP solutions are...

In my previous blog post, I demonstrated the process of identifying executable packers and static analysis tools. In this blog, we will explore how to analyze the sample using a powerful Disassembler...

In my earlier blog post, I demonstrated the process of analyzing executable packers. In this current blog, we will explore additional static malware analysis tools. Prior to that, we will examine why...

1. Attack utilizing a known vulnerability An attacker utilizing a known vulnerability has been detected.Detection:• Network detection from IDS/IPS/network threat detection capability• Endpoint...

1. Brute Forcing Details:Attacker trying to guess a password by attempting several different passwordsThreat Indicators:Multiple login failures in a short period of timeWhere To Investigate:• Active...

Source/Credits/Written By: Izzmier Izzuddin Zulkepli 1. What is your process for conducting a security incident investigation? When conducting a security incident investigation, my process involves...

1. Threat Hunting Hypothesis Web Proxy- find consistent HTTP beaconing behaviour which may indicate malware C2 Hunt Scenario Description Malware C2 frequently establish regular request intervals...

Source/Credits/Written By: Luc Deo-Gracias SEMASSA Wireshark is a popular network protocol analyzer that allows you to capture and analyze network traffic in real-time. It is commonly used by...

Source/Credits/Written By: Prasannakumar B Mundas ABSTRACT This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics. Reconnaissance Objective: Identify...

Check Point Research recently discovered three vulnerabilities in the Microsoft Message Queuing service commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the...

Malware analysis is an essential part in the field of cybersecurity, and many security researchers are now exploring both static and dynamic analysis techniques. Initially, we will start with Static...

A phishing email is a type of scam where an attacker attempts to trick the recipient into revealing sensitive information, such as login credentials or personal details. Recently soc investigation...

A new Emotet phishing campaign targets US taxpayers under the guise of W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infect...

Hijacking digital signatures is a form of cyber attack where an attacker gains unauthorized access to a digital signature and uses it to sign and distribute malicious code or content. Digital...

Vidar is a type of malware that belongs to the category of information stealers. It is designed to infect Windows-based systems and is known for its ability to steal sensitive information such as...