Threat Inteliigence / OSINT / NETSEC / NATSEC

Attackers in the bottleneck - lateral movements and threat hunting

Threat hunting is not an easy task. The multitude of ways in which attackers can implement the next stages of the attack makes the detection scenarios seem endless. That is why it is so important to properly prioritize and focus on the stages of intrusion during which attackers have less room to manoeuvre. And just the perfect attack phase for this […]

Contract cyber - Iran and its way of conducting cyber operations

When we think of cyber operations conducted on behalf of or under the direction of the government, we usually think of intelligence agencies and military units. NSA, GRU, MSS or PLA are examples of this type of professional government organizations employing officers to implement state policy by cyber means. However, there is a state that is equally active in this space, [...]

Scale and cycle - the role of threat intelligence in the organization

The recent history of breaking into Uber or reappearing reports on Emotet's activity may raise questions about the legitimacy of individual functions in the overall security organization of the organization. After all, why advanced forensics teams to produce threat intelligence or threat hunting when the problem is underlying? This very much […]

Kent and Heuer - The roots of CTI in a traditional interview

The holiday season is good for catching up on books, so let's take a look at the subject at counterintelligence.pl, so let's call it a book-historical topic. It will be no secret that CTI is quite a fledgling field. Even if we look at the distance that separates information protection as such from information protection in the context of computer networks, threat intelligence will be an even younger discipline. […]

MSS - Ministry of State Security and its cyber activities

In the previous post, we dealt with the intelligence activity of the People's Liberation Army and how the reforms of the armed forces are aimed at improving their functioning in this field. This time we will focus on an agency dealing with typically intelligence tasks - the Ministry of State Security (国家 安全 部, MSS). To begin with a brief historical outline, the modern organization of the MSS is [...]

PLA on the cyber front - Chinese armed forces and cyber operations

One of the biggest challenges of threat intelligence is determining the intent of attackers. It is not always possible, but if we have to face such a challenge, it is helpful to understand the context of attackers' activities and the organization in which they operate. So in the next posts we will look at one of the main players on the cyber scene - [...]

Keyboard strike - cyber anti-terrorist operations

In the previous post, we looked at how terrorist groups use social media to support their activities, and this time we will look at how the intelligence and military services can use the Internet to carry out anti-terrorist activities. As I indicated previously, terrorism is prosecuted and fought with all the power of the state apparatus, including in [...]

Sigma (grindset?) Rules - find suspicious events with Sigma

In the previous post, we looked at the creation and functionality of YARA rules, which are an invaluable aid to analysts in detecting and classifying files. Some might say, however, that today is not enough. After all, living off the land attacks are becoming more and more popular, where attackers do not use additional software, but are satisfied with [...]

YARA rules! - about YARA rules and writing them.

In the post about finding information about malware samples in open sources, I briefly mentioned the use of YARA rules and described the basics of using them in the context of HybridAnalysis. However, this tool is important and universal in the work of a CTI analyst, incident responder or threat hunter, that it is definitely worth devoting a separate [...]

When the DoJ publishes your photo - about indictments and cyber operations

Observing the practice of the US administration in the field of political tools applied to entities responsible for cyber operations against the States, indictments are one of the most visible elements. In recent years, we have seen, for example, indictments against a GRU officer, Chinese intelligence, or more recently FSB officials. On the surface, it may seem that such actions do not [...]

en_USEnglish