Threat Inteliigence / OSINT / NETSEC / NATSEC

When the DoJ publishes your photo - about indictments and cyber operations

Observing the practice of the US administration in the field of political tools applied to entities responsible for cyber operations against the States, indictments are one of the most visible elements. In recent years, we have seen, for example, indictments against a GRU officer, Chinese intelligence, or more recently FSB officials. On the surface, it may seem that such actions do not [...]

Hunting - putting CTI to work

On I have already devoted a lot of space to OSINT and threat intelligence. We must not forget, however, that the interview in its various forms is primarily a supporting function. It supports decision-making, incident response and detection of malicious activity. And threat hunting is an activity that one way or another must in its [...]

Hunting for implants - OSINT malware analysis

I started to write a post about malware analysis in the context of OSINT and threat intelligence for a long time. It is one of the most widely used sources of information and a common goal of analyst research, but at the same time a technically complex issue. If we are talking about advanced static analysis (of the file itself) and dynamic (observing the behavior of the file after running), it is [...]

A look at cyber operations during the first days of the conflict in Ukraine

In the previous post, I tried to present what types of cyber operations accompany military actions and how different types of operations are supposed to achieve their goals by different means. Some may have expected much more intense cyber activities in Ukraine, attacks on industrial networks or the massive use of wipers. Although there are no signals indicating [...]