Android banking Trojans are an interesting threat because, if successful, they can mean a huge payday for a cybercriminal and a terrible loss for the victim. The latest wave of Android banking threats has a range of advanced features, all designed to clear out a victim’s bank account. The majority of these threats are distributed via […]
Category Archives: Uncategorized
Welcome to the final BushidoToken blog of 2022. Over the last year or so, an associate of mine in the UK has been targeted by a persistent Chinese-speaking scammer. The scammer often calls once or twice a month from a unique UK-based phone number and, if left unanswered, leaves an unusual automated voicemail. I got […]
For my first research blog of 2022, I analysed a suspected intelligence gathering campaign targeting renewable energy and industrial technology organisations, with a particular focus on Bulgaria. This long-running espionage campaign has leveraged multiple credential harvesting pages to target the email accounts of employees at a number of organisations from 2019 and is ongoing in 2022. […]
My Interest in Offensive Security Back in my high school years (1998), when my curiosity for offensive security was at its peak, I was fortunate to be in an interesting class. While others around me were debating whether Fenerbahçe or Galatasaray was the better football team, my classmates were passionately arguing whether Windows NT 4.0 […]
Phishing threat actors are continuously seeking new methods to increase the chances of success in their campaigns. Phishing is still one of the main initial access vectors into target networks. One technique that makes phishing emails particularly difficult to block is the use of open redirect vulnerabilities to distribute malicious links. Although often underestimated and left […]