Author Archives: Emin Baylarov

Open Redirect Vulnerability in Oracle BlueKai

Phishing threat actors are continuously seeking new methods to increase the chances of success in their campaigns. Phishing is still one of the main initial access vectors into target networks. One technique that makes phishing emails particularly difficult to block is the use of open redirect vulnerabilities to distribute malicious links. Although often underestimated and left […]

CTI Initiative: Threats Exploiting Legitimate Services

Legitimate third-party Platform-as-a-Service (PaaS) providers are increasingly being leveraged by threat actors for phishing and malware deployment. PaaS providers such as cloud instances, marketing platforms, content delivery networks (CDN), and dynamic DNS servers have been weaponised for a range of malicious activities. One of the key benefits is that they can be used to evade detection […]

Android Anti Anti-Emulator

As stated in the executive summary of the Corporate SOME Setup and Management Guide published by the Directorate General of Communications under the Ministry of Transport, Maritime Affairs, and Communications of the Republic of Turkey in 2014, Corporate Cyber Incident Response Teams (SOME) are crucial structures in mitigating cyber incidents and preventing or reducing potential […]

Collecting Information on the Qakbot Banking Trojan

Background: The Qakbot banking Trojan is one of the top-tier malware families on the current threat landscape. It is distributed in mass spam campaigns, steals confidential information, and has also provided access to ransomware operators. Preventing and detecting this threat has become a priority for many organisations as a successful infection can lead to a […]