We have already dealt with the military and civilian face of Chinese intelligence in the context of cyber operations. This time we will look at a service focused on more internal activities - the Ministry of Public Security. This organization was established in 1949 as a successor to the Central Department of Social Affairs. Functionally, its assumption was to ensure the overall internal security of China - from [...]
In the previous post, we dealt with the intelligence activity of the People's Liberation Army and how the reforms of the armed forces are aimed at improving their functioning in this field. This time we will focus on an agency dealing with typically intelligence tasks - the Ministry of State Security (国家 安全 部, MSS). To begin with a brief historical outline, the modern organization of the MSS is [...]
One of the biggest challenges of threat intelligence is determining the intent of attackers. It is not always possible, but if we have to face such a challenge, it is helpful to understand the context of attackers' activities and the organization in which they operate. So in the next posts we will look at one of the main players on the cyber scene - [...]
In the previous post, we looked at how terrorist groups use social media to support their activities, and this time we will look at how the intelligence and military services can use the Internet to carry out anti-terrorist activities. As I indicated previously, terrorism is prosecuted and fought with all the power of the state apparatus, including in [...]
When I started working in cybersecurity as a SOC analyst, I often looked at job offers in the industry in my spare time. Contrary to malicious comments, it was not caused by the will to change the employer as soon as possible, but rather by learning career paths and planning the direction of development. I remember that one of the ads that caught my attention a lot [...]
The COVID pandemic has had an extremely dramatic impact on various aspects of our lives, and when it comes to the cybersecurity industry, one of its most "visible" effects was the cancellation of many industry conferences. Now, however, the time is slowly approaching when they are going back to the offline version. And one of such events is CONFidence, for which [...]
In the previous post, we looked at the creation and functionality of YARA rules, which are an invaluable aid to analysts in detecting and classifying files. Some might say, however, that today is not enough. After all, living off the land attacks are becoming more and more popular, where attackers do not use additional software, but are satisfied with [...]
In the post about finding information about malware samples in open sources, I briefly mentioned the use of YARA rules and described the basics of using them in the context of HybridAnalysis. However, this tool is important and universal in the work of a CTI analyst, incident responder or threat hunter, that it is definitely worth devoting a separate [...]
Observing the practice of the US administration in the field of political tools applied to entities responsible for cyber operations against the States, indictments are one of the most visible elements. In recent years, we have seen, for example, indictments against a GRU officer, Chinese intelligence, or more recently FSB officials. On the surface, it may seem that such actions do not [...]
On counterintelligence.pl I have already devoted a lot of space to OSINT and threat intelligence. We must not forget, however, that the interview in its various forms is primarily a supporting function. It supports decision-making, incident response and detection of malicious activity. And threat hunting is an activity that one way or another must in its [...]
English 
Polish