Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The phishing campaign is likely to …
Estimated difficulty: 💜💜🤍🤍🤍 Welcome to another blog focusing on my journey into Threat Intelligence, this time introducing the MITRE ATT&CK framework and the concept of Tactic, Techniques and Procedures (TTPs). What are TTPs? Tactics, Techniques and Procedures are used to identify the methods or patterns of activity that are used by a threat actor or …
I assure you, it’s not Christmas yet! However, it has recently been on my TODO list to learn Python. Advent of Code is a great platform that creates challenges for you to do throughout the month of December. These are Christmas themed, so its obligatory to wear a Santa hat whilst you complete them, even …
Estimated difficulty: 💜🤍🤍🤍🤍 As some of you may now know, I’ve recently switched to the (potentially dark?) side of Cyber Threat Intelligence (CTI). Don’t worry, I’ll still be doing car hax – but also have a new found love for all things threat intelligence and open-source (OSINT)! As I start this new chapter of my …
Estimated difficulty: 💜💜💜🤍🤍 I must say, this months post had me struck with a little bit of writers block. Life has been busy, and I may or may not have frequented a BBQ or two whilst we have been blessed with a few rays of sunshine and a bank holiday weekend. Either way, the blog …
Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using stolen information to steal money …
Read more “Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?”
Estimated difficulty: 💜🤍🤍🤍🤍 You may have already heard of ChatGPT. It has been a headliner in the news recently, mainly with a concern that it will replace hundreds, thousands, or maybe even more jobs! This post does not intend to add to the fear mongering, but more explore what we can do with ChatGPT and …
Estimated difficulty: 💜💜💜🤍🤍 What is Frida? Frida is a potent tool used by reverse engineers to perform several different tasks. It is open source and once downloaded includes an extensive tool suite. These tools are: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. https://frida.re/ For this post, I wanted to walk through some basic …
Estimated difficulty: 💜🤍🤍🤍🤍 New year, new blog post… obviously! To kick things of in 2023, today we’ll be talking about a commonly used social engineering technique called typo-squatting and how you can identify malicious domains/websites to protect yourself, or how to protect your organisation or brand if you own a website domain. Typo-squatting is by …
Read more “Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites”
Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …
Read more “Android Attack: JavaScript Interfaces and WebViews”