One of the most common problems faced by CTI analysts is the use of collected data to discover further elements of hostile activity, i.e. the so-called "pivoting". Simply put, pivoting consists in discovering other artifacts such as IP addresses or malware samples through the common points of contact of both elements. In the case of malware, this can […]
Shortly after setting up counterintelligence.pl, I also started the RonanVM project, i.e. a virtual machine image adapted to conduct OSINT investigations. Unfortunately, I don't have that much time to develop the project at the pace of Kali Linux, but I had the opportunity to make some changes and improvements recently. Moving on to the specifics: I also encourage you to use, in my opinion, the project […]
In the previous post, we dealt with the intelligence activity of the People's Liberation Army and how the reforms of the armed forces are aimed at improving their functioning in this field. This time we will focus on an agency dealing with typically intelligence tasks - the Ministry of State Security (国家 安全 部, MSS). To begin with a brief historical outline, the modern organization of the MSS is [...]
When I started working in cybersecurity as a SOC analyst, I often looked at job offers in the industry in my spare time. Contrary to malicious comments, it was not caused by the will to change the employer as soon as possible, but rather by learning career paths and planning the direction of development. I remember that one of the ads that caught my attention a lot [...]
Observing the practice of the US administration in the field of political tools applied to entities responsible for cyber operations against the States, indictments are one of the most visible elements. In recent years, we have seen, for example, indictments against a GRU officer, Chinese intelligence, or more recently FSB officials. On the surface, it may seem that such actions do not [...]
I started to write a post about malware analysis in the context of OSINT and threat intelligence for a long time. It is one of the most widely used sources of information and a common goal of analyst research, but at the same time a technically complex issue. If we are talking about advanced static analysis (of the file itself) and dynamic (observing the behavior of the file after running), it is [...]
In the previous post, I tried to present what types of cyber operations accompany military actions and how different types of operations are supposed to achieve their goals by different means. Some may have expected much more intense cyber activities in Ukraine, attacks on industrial networks or the massive use of wipers. Although there are no signals indicating [...]
One of the most common tasks related to OSINT and threat intelligence is the analysis of Internet domains in terms of infrastructure behind them and information about entities responsible for their creation. Domains are an important element of cyber operations, when they can be used for C2 communication, malware delivery and information operations, providing [...]
Hello to all readers in the new year! I hope it started positively for you and will be calmer for all of us than the passing one. So, to have some fun, we're going to play games today. Not just any games, certainly well-known to fans of both military and civil aviation. They will be [...]
Santa Claus aka Gwiazdor - one of the most famous and mysterious characters in the world. Every year, he provides gifts to children around the world, and therefore, in one day, he has to visit, according to various estimates, from 240 to 600 million homes (depending on what assumptions we make about [...]
English 
Polish