All blog posts
Unfortunately, I end up going down intel rabbit holes more than writing about them. Please enjoy the rare fruits of my endeavours.
-
npm package bigmathix and the BigSquatRat campaign behind it
| Tags: javascript, malware, npm, github
Static analysis of a unique JavaScript infection chain and an examination of the wider footprint of the malware campaign
-
Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign
| Tags: intel, shodan, iocs, T1584.001, subdomain takeover
This post explores an often-overlooked type of subdomain takeover attack that I am dubbing "passive takeover."
-
Fingerprinting C2s with Shodan
| Tags: intel, shodan, iocs
A quick C2 fingerprinting exercise with Shodan
-
Tracking Crimson Kingsnake
| Tags: virustotal, phishing, fraud, intel, iocs, crimson kingsnake
Using VirusTotal to track Crimson Kingsnake
-
Caddy: enabling valid internal SSL certificates with ACME DNS challenge
| Tags: caddy, letsencrypt, lab
This is an older how-to I wrote on how I provisioned valid SSL certificates for my internal homelab using the ACME DNS challenge.