A brief story regarding cobalt team server operators being lazy AF!

Sometimes I feel like I’m living in a cyberpunk world, pun intended.

TLDR; Current assessment (using cb_looper) testing cobalt strike C2 beacons have stock standard configurations with minor to no variation in complexity and are easily detected by leveraging the below process flow.

I wanted to see how many cobalt team…


Have you ever thought this packet capture was suspect even though standard tools/processes said it was ok? This post will detail some interesting triage steps to find malicious artefacts that automated tools sometimes miss and create a Suricata rule to detect said artefacts in future! …

Photo Credit — @heyerlein (The perception of a form via smaller artefacts)

One small step to reduce your online exposure.

Understanding the basics

File-based metadata is defined as the attributes assigned to files that enable you to understand the file characteristics, excluding the content of a said file. File metadata enables file characterisation and is used by software, databases and other systems. (reference)

When a…

And some personal thoughts 😎

Network forensics!

This post is part one of a two-part series:

At the heart of adversarial actions are network artefacts, these artefacts bring information into and/or exfiltrating information of your network or systems (well, kinda…

2018 has just finished; malware, hacks and exploits are everpresent, and we are wondering, why is this happening? What has led to this?
The answer — Cyberwar is being conducted on a global scale via digital strategic asymmetrical warfare, employed by nation states and non-state actors.

Before we can understand…

Ukrainian soldiers take shelter from the shelling of pro-Russia separatists in a police station (the innovation of defensive measures within an urban conflict zone).

This handbook provides real actionable steps that enable an intelligence operator to target, track, collect and analyse information surrounding cybercrime (or traditional crime) which in turn becomes intelligence.

My passion and the basis of this short handbook is based on my experience in cyber threat intelligence and anti-drug trafficking. I…

You have to understand your adversary, then everything elucidates the deeper you go!

Take the below image. A farming site used as a ruse.

Farms you say? Interesting farming products!

I’ve been asked so many questions over the last few years, mostly around how I ended up where I am today practicing the unique disciplines of…

TL;DR — Insight and recommendations (Necurs & Op: GhostSecret)on threats in a small form factor (no one reads long posts anymore)

Greater awareness (foresight), provides enhanced analysis

Knowing the methods, sophistication and modus operandi of cybercriminals is fascinating! Especially when we can take actions, to detect and deny these threats. This is the first instalment in…

Intel Operator

Disciplined Intelligence

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store