Resources
A dormant service account nobody decommissioned let the Icarus extortion group push malicious code into Klue's integration layer, harvest OAuth tokens, and quietly drain Salesforce CRM data from downstream victims over a 24-hour window. Here is how the supply chain attack unfolded and what the forensic artifacts reveal.
A single VirusTotal hash led us to the full deobfuscation of MuddyWater's DenoDoor backdoor, 40+ active C2 nodes across two bulletproof ASNs, a second live DenoDoor cluster delivering zero-detection AI-themed lures, and confirmation that Iranian state actors are renting infrastructure from a Russian criminal Malware-as-a-Service operation.
Complete forensic analysis of TeamPCP's supply chain attack: 2,650+ compromised GitHub repos, 16+ MB of stolen credentials, and an undetected Rust RAT deployment.
Bluekit is not just another Phishing-as-a-Service platform. It is a multi-tenant white-label PhaaS engine, and buried inside a JavaScript bundle we pulled from its Tor hidden service is the configuration for a second brand, SnagX, a Chinese-market reseller charging 2.8x Bluekit's prices to a completely separate operator base.
A phishing email landed in an employee's inbox. SPF passed. DKIM passed. DMARC passed. Spam score: 0.085/1.0. What started as a routine triage turned into a multi-day offensive hunt.
Analysis of the cryptocurrency exchange breach, highlighting supply chain security and browser-based attack vulnerabilities.
North Korean threat actors are leveraging GitHub to target software developers through fake job opportunities and technical interviews.
Our functional Sigma-to-KQL conversion utility compatible with the Sigma Community repository.
API tools designed to streamline content management for threat hunting operations within Microsoft Sentinel.