Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence

Introduction: The Art of the Pivot In threat intelligence, the difference between a collection of indicators and a coherent threat picture often comes down to one skill: pivoting. Pivoting is the process of following digital breadcrumbs – domains to IP addresses, hashes to infrastructure, alias to forum post, following the Continue Reading

Under ATT&CK: An introduction to MITRE ATT&CK

Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used Continue Reading

Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?

Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using Continue Reading

Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites

Estimated difficulty: 💜🤍🤍🤍🤍 New year, new blog post… obviously! To kick things of in 2023, today we’ll be talking about a commonly used social engineering technique called typo-squatting and how you can identify malicious domains/websites to protect yourself, or how to protect your organisation or brand if you own a Continue Reading