In recent days, the world has been shaken by an argument in the Oval Office between Donald Trump and Volodymyr Zelensky, which may indicate a radical change in the direction of US policy towards Ukraine. But while a sharp exchange of words does not always have to translate into the outcome of negotiations, journalists report that two disturbing changes have already occurred in the cyber sphere. […]
To start this post, a few words about counterintelligence.pl. I haven’t published here for almost a year, but this has nothing to do with the decline in interest in counterintelligence topics 🙂 Quite the opposite, and from April 2024 to the end of March this year I am a Virtual Routes (formerly European Cyber Conflict Research Initiative) scholarship holder and […]
The US Intelligence Community (IC) is formalizing its approach to the use of open sources, as evidenced by the recently presented OSINT strategy for 2024-2026. The document outlines a clear vision for the future of the discipline, setting the stage for significant advances in how open source data is used for intelligence purposes. In this blog post, we will summarize key strategy concepts, […]
I recently had the opportunity to participate in the FIRST CTI Conference in Berlin, where I talked about how OSINT is not always as open as it might seem. Since the presentation included the methods and sources of specific analysts, I preferred to stay with TLP Green. In this post, however, I would like to present the main theses and problems that […]
In the previous post, in which I described my trip to the NSA National Cryptology Museum, I mentioned that the topic of how nuclear warheads are secured is extremely interesting to me, so this time we will take a look at this area of security. It is difficult for me to imagine a situation or environment in which system imperfections (both causing false [...]
Full photo gallery available here :) Even though my visit to the USA was purely a holiday, I couldn't miss the opportunity to visit the NSA. Unfortunately, it is not possible to visit the agency itself, but it is the only one of the organizations that make up the United States Intelligence Community that has its part open […]
One of the most common problems faced by CTI analysts is the use of collected data to discover further elements of hostile activity, i.e. the so-called "pivoting". Simply put, pivoting consists in discovering other artifacts such as IP addresses or malware samples through the common points of contact of both elements. In the case of malware, this can […]
Shortly after setting up counterintelligence.pl, I also started the RonanVM project, i.e. a virtual machine image adapted to conduct OSINT investigations. Unfortunately, I don't have that much time to develop the project at the pace of Kali Linux, but I had the opportunity to make some changes and improvements recently. Moving on to the specifics: I also encourage you to use, in my opinion, the project […]
Threat hunting is not an easy task. The multitude of ways in which attackers can implement the next stages of the attack makes the detection scenarios seem endless. That is why it is so important to properly prioritize and focus on the stages of intrusion during which attackers have less room to manoeuvre. And just the perfect attack phase for this […]
The last two posts concerned hiding traces of malicious activity in the environment and attempts to confuse analysts. This time we will focus on traces that allow us to determine what the user or the attacker was doing. Forensic analysis can have two main purposes. In cases most often associated with threat intelligence, we will try to detect the activities of attackers leading […]
English 
Polish