Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; Continue Reading
No Pain, No Gain! Introducing the Pyramid of Pain
Estimated difficulty: 💜💜🤍🤍🤍 A nice quick read this month as we talk about the Cyber Threat Intelligence model the Pyramid of Pain. A long, long, time ago (2013) in a land far, far, away (the United States), David J. Bianco developed the Pyramid of Pain as a conceptual model to Continue Reading
Untangling the Web: An Introduction to the OWASP Top 10
Estimated difficulty: 💜💜🤍🤍🤍 We are back! And what better way to kick things off than a joint blog post from both Sarah & Sophia? Despite our now varying areas of specialty, we’ve gone back to our penetration testing routes and will be covering the current OWASP Top 10 for web Continue Reading
Phishing : Analysing a Phishy
Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The Continue Reading
Under ATT&CK: An introduction to MITRE ATT&CK
Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used Continue Reading
Advent of Code: Day 1
I assure you, it’s not Christmas yet! However, it has recently been on my TODO list to learn Python. Advent of Code is a great platform that creates challenges for you to do throughout the month of December. These are Christmas themed, so its obligatory to wear a Santa hat Continue Reading
It’s the (Threat Intelligence) Circle of Life
Estimated difficulty: 💜🤍🤍🤍🤍 As some of you may now know, I’ve recently switched to the (potentially dark?) side of Cyber Threat Intelligence (CTI). Don’t worry, I’ll still be doing car hax – but also have a new found love for all things threat intelligence and open-source (OSINT)! As I start Continue Reading
It’s Frida, Frida, Got to get down on Fridaaa!
Estimated difficulty: 💜💜💜🤍🤍 I must say, this months post had me struck with a little bit of writers block. Life has been busy, and I may or may not have frequented a BBQ or two whilst we have been blessed with a few rays of sunshine and a bank holiday Continue Reading
Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?
Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using Continue Reading
ChatGPT: Let’s try it out!
Estimated difficulty: 💜🤍🤍🤍🤍 You may have already heard of ChatGPT. It has been a headliner in the news recently, mainly with a concern that it will replace hundreds, thousands, or maybe even more jobs! This post does not intend to add to the fear mongering, but more explore what we Continue Reading