-
Going ‘Undercover’ on Dark Web Forums
An important part of cyber intelligence and threat research is HUMINT, or Human Intelligence, the process of collecting intelligence from real people, through interactions. The world of cyber crime is a thriving, chaotic ecosystem with a remarkable amount of structure, and is a place where researchers and intelligence professionals routinely collect data both through HUMINT,…
-
I made my own Ransomware
Around February last year I wrote a script that would act as a simulation of Ransomware, so I thought I’d write a quick article on how it works. The script (located here) uses AES Encryption/Decryption written in PowerShell to simulate a ransomware exploit. The configurable parameters allow you to isolate and specify the files that…
-
Unravelling a Cryptocurrency Scam
A couple of months ago I received a message request on Twitter, one that I imagine many people receive every so often as I have. A user was congratulating me on winning a giveaway for BTC that I didn’t even have to enter for! Imagine my luck. A bit of background digging and it looks…
-
Using SpiderFoot for Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) is a complex cat-and-mouse game where blue team cyber professionals are endlessly looking for IOCs, trends, and information from thousands of sources in order to scrape together additional defense against intrusions. Incident response (IR) engagements often fuel CTI by providing IOCs from known breach attempts (successful or otherwise) that can be…
-
How OSINT Can Be Used to Elevate DFIR
In the world of cyber security, a lot of money, time and resources are put towards preventing what could arguably be described as the inevitable – compromise. Businesses manage risk, and part of that risk includes what happens when the company is inevitably breached by a malicious actor. In my line of work, this is…
-
Have You Ever Wondered What Happens to Your Phone After Getting Robbed?
In a lot of major cities in the world, pickpocketing and phone-snatch robberies are very common. Modern smartphones are expensive and easy to sell, which makes them better targets than wallets that often contain no cash. There’s a reassuring catch to this malicious activity, however, in that most modern smartphones, such as iPhones, are…
-
Using OSINT in Offensive Reconnaissance: Part 2 – Validation
In the last blog we started down a path of seeing how effective SpiderFoot is in the early stages of investigating a public bug bounty program for low hanging fruit exploits. In this blog, we’ll go into detail on some of the things we found and validate them to see if they’re current, and of…
-
Using OSINT in Offensive Reconnaissance: Part 1 – Discovery
SpiderFoot is often used as a diverse Attack Surface Management (ASM) tool, or a way to collate information for OSINT investigations from numerous sources, but within this blog I’m going to dive into how I used SpiderFoot to discover and enumerate hosts as part of an attack strategy. Of course, this will be using a…
-
Using OSINT on a Bug Bounty Program
No matter what your company does, as you grow and offer more services on the internet, the greater your risk of attack by an adversary. The best way I can describe how this often is, and bear with me, is with chemistry. You’ll have learned in school that the greater the surface area,…
-
Investigating a Threat Actor from a Business Email Compromise
Working as a SOC Analyst, I come across dozens of phishing attempts a day. Most of these are just that – attempts. However, late last year, one malicious actor got further than most, giving us the dreaded call from a client: “A user has clicked an email, we need you to check it out”. Luckily…