Welcome to the Cyber Threat Intelligence (CTI) Analyst Challenge! I am excited to introduce a comprehensive repository designed to enhance the skills and expertise of CTI analysts through a challenging and engaging intelligence analysis exercise.

Purpose

This repository is created to test and improve the capabilities of CTI analysts by providing a structured challenge that […]
This post is part of my Tracking Adversaries blog series, where I provide a summary analysis of an adversary that has captured my attention and warrants deeper investigation. Qilin has already been extensively covered by experts from Trend Micro, Secureworks, Group-IB, SentinelOne, SOCRadar, BleepingComputer, and MalwareHunterTeam. Kudos to these researchers—without their contributions, our understanding of […]
Introduction

Ransomware attacks are becoming increasingly devastating, but one constant remains: the tools used by cybercriminals. The Ransomware Tool Matrix is a comprehensive resource that highlights the tactics, techniques, and procedures (TTPs) frequently employed by ransomware and extortionist groups. This repository equips defenders with actionable intelligence on the tools commonly utilized by adversaries, drawing insights […]
In this post, we’ll analyze a suspicious IP address identified in our previous discussion on Amadey Bot malware. We’ll use Shodan and Censys to pivot to additional Amadey infrastructure. You’ll learn how to craft queries based on HTML content and certificate information from a known C2, ultimately identifying 12 unique servers. The original sample can […]
An informal page for storing Censys/Shodan queries that have returned interesting results, including examples for:

– AsyncRAT – Common x509 Certificates: hardcoded values in x509 certificates used for TLS communication. (Link)

– Solarmarker/Jupyter – SSH Configuration Commonalities: commonalities between SSH host key and running ports. Typically only ports 22 and 80. SSH host key is the […]