The Most Wonderful (and Risky) Time of the Year For most retailers, the holiday period represents the peak of the business calendar – a time when transactions soar, new promotions launch daily, and digital infrastructure runs hot. Unfortunately, threat actors also know this and as retail teams focus on customer Continue Reading
Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence
Introduction: The Art of the Pivot In threat intelligence, the difference between a collection of indicators and a coherent threat picture often comes down to one skill: pivoting. Pivoting is the process of following digital breadcrumbs – domains to IP addresses, hashes to infrastructure, alias to forum post, following the Continue Reading
Android Application Malware Analysis: Sturnus
Android malware is still prevalent in the mobile application space and 2025 has seen a list of new families. Dipping my toe back into the waters, I wanted to take a look at some of latest malware to appear on the scene, initially starting with, Sturnus. This malware is known Continue Reading
Android Attack: Malicious APK Walkthrough
Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; Continue Reading
No Pain, No Gain! Introducing the Pyramid of Pain
Estimated difficulty: 💜💜🤍🤍🤍 A nice quick read this month as we talk about the Cyber Threat Intelligence model the Pyramid of Pain. A long, long, time ago (2013) in a land far, far, away (the United States), David J. Bianco developed the Pyramid of Pain as a conceptual model to Continue Reading
Untangling the Web: An Introduction to the OWASP Top 10
Estimated difficulty: 💜💜🤍🤍🤍 We are back! And what better way to kick things off than a joint blog post from both Sarah & Sophia? Despite our now varying areas of specialty, we’ve gone back to our penetration testing routes and will be covering the current OWASP Top 10 for web Continue Reading
Phishing : Analysing a Phishy
Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The Continue Reading
Under ATT&CK: An introduction to MITRE ATT&CK
Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used Continue Reading
Advent of Code: Day 1
I assure you, it’s not Christmas yet! However, it has recently been on my TODO list to learn Python. Advent of Code is a great platform that creates challenges for you to do throughout the month of December. These are Christmas themed, so its obligatory to wear a Santa hat Continue Reading
It’s the (Threat Intelligence) Circle of Life
Estimated difficulty: 💜🤍🤍🤍🤍 As some of you may now know, I’ve recently switched to the (potentially dark?) side of Cyber Threat Intelligence (CTI). Don’t worry, I’ll still be doing car hax – but also have a new found love for all things threat intelligence and open-source (OSINT)! As I start Continue Reading