One of the most common problems faced by CTI analysts is the use of collected data to discover further elements of hostile activity, i.e. the so-called "pivoting". Simply put, pivoting consists in discovering other artifacts such as IP addresses or malware samples through the common points of contact of both elements. In the case of malware, this can […]
Shortly after setting up counterintelligence.pl, I also started the RonanVM project, i.e. a virtual machine image adapted to conduct OSINT investigations. Unfortunately, I don't have that much time to develop the project at the pace of Kali Linux, but I had the opportunity to make some changes and improvements recently. Moving on to the specifics: I also encourage you to use, in my opinion, the project […]
Threat hunting is not an easy task. The multitude of ways in which attackers can implement the next stages of the attack makes the detection scenarios seem endless. That is why it is so important to properly prioritize and focus on the stages of intrusion during which attackers have less room to manoeuvre. And just the perfect attack phase for this […]
The recent history of breaking into Uber or reappearing reports on Emotet's activity may raise questions about the legitimacy of individual functions in the overall security organization of the organization. After all, why advanced forensics teams to produce threat intelligence or threat hunting when the problem is underlying? This very much […]
The holiday season is good for catching up on books, so let's take a look at the subject at counterintelligence.pl, so let's call it a book-historical topic. It will be no secret that CTI is quite a fledgling field. Even if we look at the distance that separates information protection as such from information protection in the context of computer networks, threat intelligence will be an even younger discipline. […]
In the previous post, we dealt with the intelligence activity of the People's Liberation Army and how the reforms of the armed forces are aimed at improving their functioning in this field. This time we will focus on an agency dealing with typically intelligence tasks - the Ministry of State Security (国家 安全 部, MSS). To begin with a brief historical outline, the modern organization of the MSS is [...]
One of the biggest challenges of threat intelligence is determining the intent of attackers. It is not always possible, but if we have to face such a challenge, it is helpful to understand the context of attackers' activities and the organization in which they operate. So in the next posts we will look at one of the main players on the cyber scene - [...]
In the previous post, we looked at how terrorist groups use social media to support their activities, and this time we will look at how the intelligence and military services can use the Internet to carry out anti-terrorist activities. As I indicated previously, terrorism is prosecuted and fought with all the power of the state apparatus, including in [...]
In the previous post, we looked at the creation and functionality of YARA rules, which are an invaluable aid to analysts in detecting and classifying files. Some might say, however, that today is not enough. After all, living off the land attacks are becoming more and more popular, where attackers do not use additional software, but are satisfied with [...]
In the post about finding information about malware samples in open sources, I briefly mentioned the use of YARA rules and described the basics of using them in the context of HybridAnalysis. However, this tool is important and universal in the work of a CTI analyst, incident responder or threat hunter, that it is definitely worth devoting a separate [...]
English 
Polish