Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence

by SophiaOSINT, Rapid Reads, Threat IntelligencePosted on No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 Introduction: The Art of the Pivot In threat intelligence, the difference between a collection of indicators and a comprehensive threat picture often comes down to one skill: pivoting. Pivoting is the process of following digital breadcrumbs – domains to IP addresses, hashes to infrastructure, alias to forum post, following the breadcrumbs to …

Read more “Pivot, Pivot! Using Open-Source Data to Support Shared Intelligence”

Android Attack: Malicious APK Walkthrough

by SarahAndroid, Mobile, Special Interest, Technical FundamentalsPosted on No Comments

Estimated difficulty: 💜💜💜🤍🤍 Why Android Attack? Because it sounds like Art Attack and it reminds me of my childhood. Much like the arty thing I used to do back then, in my mind, reversing Android malware is also similar to an art form. Yes things are more “black and white”; pardon the pun, but there …

Read more “Android Attack: Malicious APK Walkthrough”

No Pain, No Gain! Introducing the Pyramid of Pain

by SophiaRapid Reads, Threat IntelligencePosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 A nice quick read this month as we talk about the Cyber Threat Intelligence model the Pyramid of Pain. A long, long, time ago (2013) in a land far, far, away (the United States), David J. Bianco developed the Pyramid of Pain as a conceptual model to visually describe the challenges and …

Read more “No Pain, No Gain! Introducing the Pyramid of Pain”

Untangling the Web: An Introduction to the OWASP Top 10

by SophiaPenetration Testing, WebPosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 We are back! And what better way to kick things off than a joint blog post from both Sarah & Sophia? Despite our now varying areas of specialty, we’ve gone back to our penetration testing routes and will be covering the current OWASP Top 10 for web application security. What is OWASP …

Read more “Untangling the Web: An Introduction to the OWASP Top 10”

Phishing : Analysing a Phishy

by SarahAwareness, Best Practice, OSINT, Rapid Reads, WebPosted on 3 Comments

Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The phishing campaign is likely to …

Read more “Phishing : Analysing a Phishy”

Under ATT&CK: An introduction to MITRE ATT&CK

by SophiaThreat IntelligencePosted on No Comments

Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used by a threat actor or …

Read more “Under ATT&CK: An introduction to MITRE ATT&CK”

Advent of Code: Day 1

by SarahUncategorizedPosted on No Comments

I assure you, it’s not Christmas yet! However, it has recently been on my TODO list to learn Python. Advent of Code is a great platform that creates challenges for you to do throughout the month of December. These are Christmas themed, so its obligatory to wear a Santa hat whilst you complete them, even …

Read more “Advent of Code: Day 1”

It’s the (Threat Intelligence) Circle of Life

by SophiaThreat IntelligencePosted on 2 Comments

Estimated difficulty: 💜🤍🤍🤍🤍 As some of you may now know, I’ve recently switched to the (potentially dark?) side of Cyber Threat Intelligence (CTI). Don’t worry, I’ll still be doing car hax – but also have a new found love for all things threat intelligence and open-source (OSINT)! As I start this new chapter of my …

Read more “It’s the (Threat Intelligence) Circle of Life”

It’s Frida, Frida, Got to get down on Fridaaa!

by SarahDevelopment, Frida, Penetration Testing, Research, Technical FundamentalsPosted on No Comments

Estimated difficulty: 💜💜💜🤍🤍 I must say, this months post had me struck with a little bit of writers block. Life has been busy, and I may or may not have frequented a BBQ or two whilst we have been blessed with a few rays of sunshine and a bank holiday weekend. Either way, the blog …

Read more “It’s Frida, Frida, Got to get down on Fridaaa!”

Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?

by SophiaAwareness, Rapid ReadsPosted on No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using stolen information to steal money …

Read more “Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?”