Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence

by SophiaOSINT, Rapid Reads, Threat IntelligencePosted on No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 Introduction: The Art of the Pivot In threat intelligence, the difference between a collection of indicators and a comprehensive threat picture often comes down to one skill: pivoting. Pivoting is the process of following digital breadcrumbs – domains to IP addresses, hashes to infrastructure, alias to forum post, following the breadcrumbs to …

Read more “Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence”

No Pain, No Gain! Introducing the Pyramid of Pain

by SophiaRapid Reads, Threat IntelligencePosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 A nice quick read this month as we talk about the Cyber Threat Intelligence model the Pyramid of Pain. A long, long, time ago (2013) in a land far, far, away (the United States), David J. Bianco developed the Pyramid of Pain as a conceptual model to visually describe the challenges and …

Read more “No Pain, No Gain! Introducing the Pyramid of Pain”

Untangling the Web: An Introduction to the OWASP Top 10

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 We are back! And what better way to kick things off than a joint blog post from both Sarah & Sophia? Despite our now varying areas of specialty, we’ve gone back to our penetration testing routes and will be covering the current OWASP Top 10 for web application security. What is OWASP …

Read more “Untangling the Web: An Introduction to the OWASP Top 10”

Under ATT&CK: An introduction to MITRE ATT&CK

by SophiaThreat IntelligencePosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used by a threat actor or …

Read more “Under ATT&CK: An introduction to MITRE ATT&CK”

It’s the (Threat Intelligence) Circle of Life

by SophiaThreat IntelligencePosted on 2 Comments

Estimated difficulty: 💜🤍🤍🤍🤍 As some of you may now know, I’ve recently switched to the (potentially dark?) side of Cyber Threat Intelligence (CTI). Don’t worry, I’ll still be doing car hax – but also have a new found love for all things threat intelligence and open-source (OSINT)! As I start this new chapter of my …

Read more “It’s the (Threat Intelligence) Circle of Life”

Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?

by SophiaAwareness, Rapid ReadsPosted on No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using stolen information to steal money …

Read more “Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?”

Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites

by SophiaAwareness, Learning Resources, OSINTPosted on No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 New year, new blog post… obviously! To kick things of in 2023, today we’ll be talking about a commonly used social engineering technique called typo-squatting and how you can identify malicious domains/websites to protect yourself, or how to protect your organisation or brand if you own a website domain. Typo-squatting is by …

Read more “Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites”

The Importance of Not Doing Work: Avoiding Burnout Part Two

by SophiaLearning Resources, Rapid ReadsPosted on No Comments

So in hindsight this title is a tad misleading, I’m definitely not suggesting to drop all your job responsibilities in a blink of an eye…! But rather evaluate your work/life balance to ensure you’re prioritising your mental health above all – as of course, you should always be your first priority. I’m writing this blog …

Read more “The Importance of Not Doing Work: Avoiding Burnout Part Two”

XXE Injection: To Entity and Beyond!

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜💜💜🤍 Welcome back readers! After a few months hiatus, the Queens are back in action and ready to blog to our heart’s content! This month’s blog we will be delving into the art of XXE injection, what it is, a few ways to exploit it, and the mitigation techniques used “IRL”. A huge …

Read more “XXE Injection: To Entity and Beyond!”

Smashing Stacks and All the Hax

by SophiaRapid Reads, Special InterestPosted on One Comment

Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing AKA stack-based buffer overflows, we’ll …

Read more “Smashing Stacks and All the Hax”