👋 Intro:
🔭 I’m a Security Researcher working in Cyber Threat Intelligence
👉 Read about my first year in CTI here
⚡ Fun fact: I discovered OZH RAT
🕵️♂️ I've contributed to the MITRE ATT&CK framework - TeamTNT
☣ Tweet about Malware Campaigns here
🎣 Tweet about Phishing Campaigns here
💻 Previously worked for Cyjax, read my Research Blogs here
🌐 Currently working at the Equinix Threat Analysis Center (ETAC)
🤖 Projects:
- Open source tools for CTI - Collection of resources for OSINT analysis
- Exploring APT campaigns - VirusTotal Graphs and Maltego Diagrams
- 2x Insider Threat-themed CTFs - OSINT challenges
- Malware Zoo - Hashes of famous malware
- Open Source Malware - Links to OSTs on GitHub
- OSINT Search Operators - Shodan Queries and Google Dorks
- CTI Lexicon - Acronyms and Technical Jargon
- CTI Quiz - 4 Topics of Multiple Practice Questions
- EternalLiberty - APT moniker database
- Abuse Legitimate Services - List of services used for malware and phishing
- Curated Intel: Log4Shell IOCs - Vetted IOCs and analysis of threats leveraging Log4Shell
- Android Banking Trojan Nexus - Centralised list of Android banking malware families
- Curated Intel: Ukraine Cyber Operations - Threat Intelligence to assist Ukrainian organisations
💻 I’m currently working on:
🎙 Talks:
| Conference | Talk Title | URL |
|---|---|---|
| conINT 2020 | Using Cyber Threat Intelligence to Defend against Ransomware | YouTube |
| BeerCon2 | Gone Phishin' / Attack of the phish (something something phishing) | YouTube |
| TMHC IsolationCon2 | Exploiting the Supply-Chain for Fun and Espionage | Website |
| DEFCON29 | BTV Presents: Threat Report Roulette | YouTube |
| BeerCon3 | Hacking-As-A-Service: Becoming An APT Is Easier Than Ever! | Website |
🎤 Podcasts:
| Podcast | Topic(s) | URL |
|---|---|---|
| Risky Biz News | Critical vulnerability (CVE-2022-1388) in F5 BIG-IP (from 8m 20s) | risky.biz |
| Technical Outcast | Curated Intelligence on the Conti Playbook leaks (from 30m 30s) | spotify.com |
📰 Features:
- The Telegraph - Royal Mail SMS phishing campaigns
- The Telegraph - NB65 leverages Conti source code
- Vice - Workers Unite
- HHS.gov - Malicious Use of Email Marketing Services
- Microsoft 365 Defender Threat Intelligence Team - Franken-phish
- Maltego - How Do You Run a Cybercrime Gang?
- RISKIQ - Turkey Dog
- Rapid7 - REvil attack on Kaseya
- Splunk - REvil attack on Kaseya
- VirusTotal Blog - North Korean APT using the Amadey Trojan
- Proofpoint - Charting TA2541's Flight
- CyberDefenders - L'espion OSINT CTF
- The Register - Conti attack on HSE
- CyberScoop - Belarus Cyber Partisans
- CyberScoop - Aviation RATs
- Bleeping Computer - APT Targeting Renewable Energy
- Bleeping Computer - Basecamp
- Bleeping Computer - North Koreans Targeting Researchers
- Bleeping Computer - BazarCall
- Bleeping Computer - Monzo phishing
- PortSwigger - North Koreans APTs
- The Record - IcedID spam campaign
- The Record - Passwordstate
- The Record - APT31
- The Record - Trickbot
- The Record - Phorpiex
- The Record - BlackMatter
- The Record - REvil affiliate
- The Record - Log4Shell
- VirusBulletin - PancakeSwap
- VirusBulletin - Lazarus
- VirusBulletin - SharePoint Phishing
- VirusBulletin - Ransomware Decryption Intelligence
- VirusBulletin - Renewable Energy Espionage
- VirusBulletin - Top-tier Cybercrime
- SentinelOne - Ransomware Decryption Intelligence
- ESET Research - GMERA
- SecurityWeek - APT campaign targeting EMEA and APAC governments
- SecurityWeek - ICS Vendors Targeted in Espionage Campaign Focusing on Renewable Energy
- Arstechnica - APT31
- Softpedia - APT31
- CyberWire - Passwordstate
- Uswitch - Royal Mail scam
- CyberSecStu - Blog of the Week
- Sector035 - Where's Bond?
- SANS Internet Storm Center - Qakbot
- SANS OSINT Summit - Discord for CTI
- KrebsOnSecurity - uAdmin 2FA phishing kit
- Cybersec.sk - MBR Wiper
- Phishunt.io - Community
- MalOps - SharePoint Phishing
- Forcepoint - WastedLocker
- KnowBe4 - Monzo Phishing Campaign