The last two posts concerned hiding traces of malicious activity in the environment and attempts to confuse analysts. This time we will focus on traces that allow us to determine what the user or the attacker was doing. Forensic analysis can have two main purposes. In cases most often associated with threat intelligence, we will try to detect the activities of attackers leading […]
In the previous post, we dealt with one of the most popular anti-forensic techniques – timestomping. So we changed the timestamps of the files to confuse the analysts and make the files appear unrelated to malicious activity. This time we will try to transfer timestomping to another source of evidence - the Windows registry. The registry is definitely one of the […]
As I mentioned in the blog, threat intelligence is essentially threat counterintelligence - the process of stopping hostile infiltration of the environment. This time we will deal with a strictly technical issue related to how attackers can try to (anti-forensic) hide traces of their activities and how to detect such activities. The starting point for our considerations [...]
When we think of cyber operations conducted on behalf of or under the direction of the government, we usually think of intelligence agencies and military units. NSA, GRU, MSS or PLA are examples of this type of professional government organizations employing officers to implement state policy by cyber means. However, there is a state that is equally active in this space, [...]
Counterintelligence.pl is pleased to invite you to a unique event, the Oh My H @ ck conference, which will take place on December 3 in Warsaw! Cybercrime, reverse engineering, cyber threat intelligence or forensics are just some of the paths in the program of the Oh My H @ ck stationary conference, whose leading theme is cybersecurity. This is a great opportunity [...]
The name of the blog obliges us, therefore, this time we deal with the latest events in the field of catching intelligence officers and fighting the operations they conduct. The opportunity for this was provided by the US Department of Justice, publishing indictments against a total of thirteen people accused of espionage, as well as Mandiant who published a report describing the detected Chinese outflow operations. IN […]
The recent history of breaking into Uber or reappearing reports on Emotet's activity may raise questions about the legitimacy of individual functions in the overall security organization of the organization. After all, why advanced forensics teams to produce threat intelligence or threat hunting when the problem is underlying? This very much […]
Information operations, impact operations or the so-called active measures are quite a specific aspect of cyber activities. It would seem that this is an issue completely separate from cyber espionage or sabotage. However, due to the great role played by the Internet, social media and other forms of digital communication, often [...]
The state's approach to activities in cyberspace is a river topic and a subject of discussion both on the political and academic level. It is all the more interesting how different countries develop their doctrines and face, for example, the problem of how to react to incidents, how to treat those whose source is criminal activity, and how [...]
[Disclaimer: This post has nothing to do with threat intelligence, osint, opsecs, natsecami and other secs. I post it here only because counterintelligence.pl is my site, the content of which is fully controlled, so it's more convenient for me to describe the matter here than to post on any social networking sites.] TL; DR: I ordered a computer from morele.net (selected [... ]
English 
Polish