Recent Articles
Have you lost Signal?
The Signal Foundation / Signal Messenger has had some interesting developments over the past few years. Some of the changes have raised alarms, seeding a mix of distrust and exodus from the popular encrypted messenger. Full disclosure, I am a Signal user and have been since its inception. With these concerns in mind, I likely will continue to use Signal for the foreseeable future.
Funding - A Sidestepped Conversation
Signal Foundation was funded by the following:
Threat Landscape: Malvertising
Malvertising vs. SEO
Malicious advertising, also known as “malvertising,” refers to the use of online advertising to spread malware or to redirect users to malicious websites. Threat actors leveraging malvertising often target various advertisement programs such as Google AdSense, Bing Ads, and Yahoo Gemini. To get the malvertisement to display, you often must mimic the user's search on the same search engine.
These advertisement programs use a Traffic Distribution System (TDS), a type of network infrastructure used to distribute network traffic across multiple servers.
Hardened CTI Environment
Purpose
Configure a hardened cyber threat intelligence (CTI) environment to reduce attack surface and attributable information that could lead back to the researcher. This threat model will focus on security and privacy alike.
Virtualization Software Selection
VMware, Oracle VirtualBox, or QEMU are all options. VMware and VirtualBox favor ease of configuration; however, many QEMU front-ends are available for simplifying or automating the use of QEMU. While most analysts will largely be confined to doing the majority of their research from a guest VM on top of their host, some situations may allow for access to a private virtual private server (VPS) that provides separation or a proxy for intelligence probing.