Collaborate Disseminate
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator. Continue reading A lightweight method to detect potential iOS malware
I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM. Continue reading Anomaly detection in certificate-based TGT requests
We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators. Continue reading In search of the Triangulation: triangle_check utility
We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. Continue reading IoC detection experiments with ChatGPT
Brief introduction to setting up Ghidra, and then configuring it with a familiar UI and shortcuts, so that you would not need to re-learn all the key sequences you have got used to over the years. Continue reading How to train your Ghidra
We released Python-based command line tools for our OpenTIP service that also implement a client class that you can reuse in your own tools. Continue reading OpenTIP, command line edition