Mastodawn

CyberSecStu 🔎🕵️May 27, 2025

I haven't posted here in ages so... Please share, this is my the start of my book on CTI I'm releasing as a series of articles, because it took too long. However, its also a CTF as over time you need to unlock content thru challenges. I hope you enjoy #CTI #infosec Part 1 and 2 included here.

https://cybersecstu.medium.com/my-book-on-cyber-threat-intel-that-never-quite-made-it-as-a-book-chapter-1-1-faeb57a7e1a1

https://medium.com/@cybersecstu/my-book-on-cyber-threat-intel-that-never-quite-made-it-as-a-book-chapter-1-2-36fc5b9fad64

My book on Cyber Threat Intel, that never quite made it as a book, Chapter 1.1

Welcome, in the next 45,000 or so words and 8 chapters (yes its that many), we’re going to explore everything (well most things), cyber threat intelligence, from intelligence requirement, power of the analysis models and frameworks, how OSINT supports CTI, analytics models, automation, some AI/ML, and threats lots of threats.

Medium

CyberSecStu 🔎🕵️May 27, 2025

Danny Palmer May 27, 2025

I'm going to be at Infosecurity Europe next week. It's obviously far from my first time there, but it'll be my first time with a media pass as a freelancer.

I'm still trying to find solutions to the 'where I will actually write things for' thing (hint: you can commission me!) but I'm looking forward to going and catching up with people and seeing interesting talks. :)

CyberSecStu 🔎🕵️May 24, 2024

Anyone still here?

CyberSecStu 🔎🕵️Feb 20, 2024

RansomLook Feb 20, 2024

New post from #Lockbit3 : Lockbitsupp
More at : https://www.ransomlook.io/group/Lockbit3 #Ransomware

CyberSecStu 🔎🕵️Feb 7, 2024

Brian Clark Feb 7, 2024

This is a great source of #threatintel on tracking #C2 infrastructure

From: @SarlackLab
https://ioc.exchange/@SarlackLab/111880325261319385

SarlackLab (@[email protected])

Attached: 1 image Command-and-control domain tree, 2024-01-23 to 2024-02-05 #PewPew https://abjuri5t.github.io/SarlackLab/ *.apigw[.]tencentcs[.]com *.eu[.]ngrok[.]io *.compute[.]amazonaws[.]com *.tcp[.]ngrok[.]io *.cloudapp[.]azure[.]com *.compute-1[.]amazonaws[.]com

IOC.exchange

CyberSecStu 🔎🕵️Jan 27, 2024

Chapter 5 of my book is completed, only 6 to go... <sigh>

CyberSecStu 🔎🕵️Jan 27, 2024

BrianKrebs Jan 26, 2024

New, from me:

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.

https://krebsonsecurity.com/2024/01/who-is-alleged-medibank-hacker-aleksandr-ermakov/

tl;dr: Ermakov appears to have been a top member of the rapacious REvil ransomware group. He also runs an IT consulting business w/ a guy I identified in Dec. 2023 as Rescator, the hacker handle that sold tens of millions of payment cards stolen from Target and Home Depot in 2013 and 2014.