LATEST POST

Email Forensics — Tracing a Phish End-to-End 20 Nov 2025

Phishing is the initial access vector in most intrusions. This deep guide walks through header analysis, payload extraction, and chain reconstruction so you can follow a phish from delivery to C2.

PREVIOUS POSTS

BlackCat (ALPHV) — Ransomware’s Fall and the Clones That Followed 18 Nov 2025

BlackCat (ALPHV) pushed ransomware evolution: polished extortion flows, strong encryption, and a mature affiliate model. This post dissects its internals, TTPs, detection artefacts, and the wave of copycats that follo...

Weekly Threat Trends — Week Commencing 10 Nov 2025 17 Nov 2025

A story-driven deep dive into this week's evolving cyber landscape — adaptive malware, self-healing botnets, AI weaponization, deepfake-driven deception, and cloud persistence redefining how attackers think.

From JSON Keeper to TsunamiKit — Inside the BeaverTail & InvisibleFerret Attack Chain 15 Nov 2025

North Korean threat actors are now abusing fake API keys, JSON Keeper blobs, and GitHub-hosted Node.js projects to deliver a JavaScript loader known as BeaverTail, which drops a Python backdoor (InvisibleFerret) and a...

Network Forensics — Tracking a C2 Through PCAPs 13 Nov 2025

Follow the traffic, find the truth. A hands-on guide to identifying command-and-control activity using Wireshark, Zeek, and open-source techniques.

Rhadamanthys — Modular Malware Done Right (For the Wrong Reasons) 11 Nov 2025

A deep dive into Rhadamanthys, the stealer-loader hybrid redefining modular malware design. We explore its internal architecture, infection vectors, and what defenders can learn from its engineering.

Weekly Threat Trends — Week Commencing 3 Nov 2025 10 Nov 2025

A deep dive into AI-assisted regenerating malware, evolving MFA-bypass phishing kits, cross-platform stealers, and macOS/mobile targeting — with concrete detections, playbooks, and comms guidance.

Disk & Memory Forensics 101 — Finding Persistence in the Noise 05 Nov 2025

Digital forensics starts where traditional IT troubleshooting ends. This primer walks through real-world techniques to uncover persistence mechanisms and reconstruct volatile evidence using free and open-source tools.

Lumma Stealer — The Credential Bandit That Won’t Die 03 Nov 2025

Once a low-tier stealer, Lumma evolved into one of 2025’s most persistent credential-harvesting threats. We dissect its infection flow, internal structure, and defense strategies from both blue-team and forensic persp...

Weekly Threat Trends — Week Commencing 27 Oct 2025 02 Nov 2025

From banking trojans and phishing evolutions to new loader frameworks and mobile threat resurgences — here’s what dominated the cyber threat landscape during the final week of October 2025.
