Threat Intelligence / OSINT / NETSEC / NATSEC

OSINT in perspective - US IC OSINT strategy 2024-2026

The US Intelligence Community (IC) is formalizing its approach to the use of open sources, as evidenced by the recently presented OSINT strategy for 2024-2026. The document outlines a clear vision for the future of the discipline, setting the stage for significant advances in how open source data is used for intelligence purposes. In this blog post, we will summarize key strategy concepts, […]

OSINT uphill - open sources of information and the spectrum of their availability

I recently had the opportunity to participate in the FIRST CTI Conference in Berlin, where I talked about how OSINT is not always as open as it might seem. Since the presentation included the methods and sources of specific analysts, I preferred to stay with TLP Green. In this post, however, I would like to present the main theses and problems that […]

MPS - Ministry of Public Security of China and cyber policy

We have already dealt with the military and civilian faces of Chinese intelligence in the context of cyber operations. This time we will look at a service focused on more internal activities - the Ministry of Public Security. This organization was established in 1949 as the successor to the Central Department of Social Affairs. Functionally, its mandate was to ensure the overall internal security of China - from [...]

Jack Bauer on Facebook - terrorism and social media

When I started working in cybersecurity as a SOC analyst, I often looked at job offers in the industry in my spare time. Contrary to malicious comments, this was not driven by a wish to change employer as soon as possible, but rather by learning about career paths and planning my direction of development. I remember that one of the ads that caught my attention a lot [...]

Hunting for implants - OSINT malware analysis

I have been meaning to write a post about malware analysis in the context of OSINT and threat intelligence for a long time. It is one of the most widely used sources of information and a common goal of analyst research, but at the same time a technically complex issue. If we are talking about advanced static analysis (of the file itself) and dynamic analysis (observing the behavior of the file after it is run), it is [...]

A look at cyber operations during the first days of the conflict in Ukraine

In the previous post, I tried to present what types of cyber operations accompany military actions and how different types of operations are meant to achieve their goals by different means. Some may have expected much more intense cyber activity in Ukraine, attacks on industrial networks or the massive use of wipers. Although there are no signals indicating [...]

In the wilderness of mirrors - attribution in the context of threat intelligence

One of the most polarizing and imagination-stirring issues in the practice of analyzing hostile activity is attribution, i.e. the attempt to identify the specific entities, organizations or persons responsible for an operation. The interest in "who did it" should come as no surprise - the process of analyzing cyber activity often runs in the exact opposite direction to the investigation of "ordinary" crimes. […]

By observing Internet houses - we analyze domains and their infrastructure

One of the most common tasks in OSINT and threat intelligence is the analysis of Internet domains: the infrastructure behind them and information about the entities responsible for their creation. Domains are an important element of cyber operations, as they can be used for C2 communication, malware delivery and information operations, providing [...]
