
Adrian Anglin

@andranglin.bsky.social

Cybersecurity Enthusiast | Cloud & On-Prem Security Operations | Threat Hunting | DFIR Skilled in threat detection & response, with a drive for ongoing skill growth. Website: https://rootguard.git

83 Followers  |  21 Following  |  1,030 Posts  |  Joined: 10.01.2025

Posts by Adrian Anglin (@andranglin.bsky.social)

Essential Client-Side Vulnerabilities that Every Pentester Should Know:
hacklido.com/blog/1117-es...

Preview: Introduction. Here in the 27th blog in our 30-project blog series on web security, we move to another set of attack vectors, the client-side attack ve...

24.06.2025 09:09 — 👍 0  🔁 0  💬 0  📌 0

OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals
any.run/cybersecurit...

Preview: OtterCookie: Analysis of New Lazarus Group Malware. Explore in-depth technical analysis of OtterCookie, a new North Korean Lazarus APT malware that steals victims' crypto and credentials.

12.06.2025 15:29 — 👍 0  🔁 0  💬 0  📌 0

How Adversary Telegram Bots Help to Reveal Threats: Case Study
any.run/cybersecurit...

Preview: ANY.RUN's Cybersecurity Blog. Discover how to intercept data stolen by cybercriminals via Telegram bots and learn to use it to clarify the related threat landscape.

12.06.2025 15:29 — 👍 0  🔁 0  💬 0  📌 0

Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response
any.run/cybersecurit...

Preview: Discover analysis of real-world cyber attacks on government organizations and see how ANY.RUN can help detect and investigate them.

12.06.2025 06:42 — 👍 0  🔁 0  💬 0  📌 0

How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN
any.run/cybersecurit...

Preview: See a case study on how MSSPs can track down active phishing campaigns, identify their targets, and collect IOCs with ANY.RUN.

12.06.2025 06:41 — 👍 0  🔁 0  💬 0  📌 0

Building a Cyberthreat-Resilient Organization
info.microsoft.com/ww-thankyou-...

Preview: Unified Security Platform | Microsoft Security. Read the e-book Building a Cyberthreat-Resilient Organization to learn about a unified security platform that integrates XDR, SIEM, and generative AI.

10.06.2025 05:41 — 👍 0  🔁 0  💬 0  📌 0

SOC Investigations 2025: Clues Are Key
www.cybertriage.com/blog/soc-inv...

Preview: To protect the enterprise network, SOCs need to be able to investigate alerts. But they often lack the capability to investigate at scale. The core...

10.06.2025 05:40 — 👍 0  🔁 0  💬 0  📌 0

Windows Registry Forensics Cheat Sheet 2025
www.cybertriage.com/blog/windows...

Preview: Save. This. Post. Our expert staff has compiled an up-to-date and comprehensive Windows Registry forensics cheat sheet, and it might be just what you need...

10.06.2025 05:38 — 👍 0  🔁 0  💬 0  📌 0

PHP Type Juggling Explained: The Silent Security Risk Lurking in Web Applications
hacklido.com/blog/1107-ph...

Preview: Did you ever think about the reason some PHP applications can still be bypassed after various hard-to-guess login tries? Type juggling can be a helpful f...

08.06.2025 17:32 — 👍 0  🔁 0  💬 0  📌 0

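The login bypass the linked post alludes to is PHP's loose comparison (`==`) on hash strings. The snippet below is an added illustration written for this page, not code from the hacklido article or from Adrian Anglin's post. It assumes a hypothetical legacy login check that stores unsalted MD5 digests; the two inputs `240610708` and `QNKCDZO` are well-known public "magic hash" examples whose MD5 digests both have the form `0e` followed only by digits, which PHP parses as the numeric string 0 on both sides of `==` (this still holds in PHP 8, because numeric strings are still compared numerically).

```php
<?php
// Added example for this page (not the linked article's code).
// Hypothetical legacy check: a stored unsalted MD5 digest is compared
// against md5() of the submitted password with loose equality.

// Vulnerable: "0e462097..." == "0e830400..." is TRUE, because PHP treats
// both numeric-looking strings as float(0) before comparing them.
function check_password_loose(string $stored_md5, string $password): bool
{
    return md5($password) == $stored_md5;
}

// Hardened: hash_equals() performs a strict, constant-time byte comparison,
// so two different digests never compare equal, magic-hash or not.
function check_password_strict(string $stored_md5, string $password): bool
{
    return hash_equals($stored_md5, md5($password));
}

// What a login check should actually use: a salted, slow password hash with
// its own verifier. password_verify() is strict and constant-time.
function check_password_modern(string $stored_hash, string $password): bool
{
    return password_verify($password, $stored_hash);
}

// Stored credential for the hypothetical account, derived from a public
// magic-hash input; its MD5 digest begins with "0e" followed only by digits.
$stored = md5('240610708');

// A completely different input whose MD5 also has the "0e<digits>" shape.
$attackerInput = 'QNKCDZO';

var_dump(check_password_loose($stored, $attackerInput));   // bypass succeeds
var_dump(check_password_strict($stored, $attackerInput));  // bypass fails

$modern = password_hash('240610708', PASSWORD_DEFAULT);
var_dump(check_password_modern($modern, $attackerInput));  // bypass fails
var_dump(check_password_modern($modern, '240610708'));     // legitimate login
```

The same juggling applies to any `==` between a user-controlled string and a secret (API keys, reset tokens, HMACs), so the practical rule is: compare secrets with `hash_equals()` or `===`, never `==`, and store passwords with `password_hash()` rather than a bare digest.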
Introduction to Threat Intelligence ETW
undev.ninja/introduction...

Preview: A quick look into ETW capabilities against malicious API calls.

07.06.2025 15:50 — 👍 0  🔁 0  💬 0  📌 0

The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
www.proofpoint.com/us/blog/thre...

Preview: Proofpoint US. This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout...

07.06.2025 15:45 — 👍 0  🔁 0  💬 0  📌 0

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
blog.talosintelligence.com/pathwiper-ta...

Preview: Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”

07.06.2025 15:45 — 👍 0  🔁 0  💬 0  📌 0

Fake WordPress Caching Plugin Used to Steal Admin Credentials
blog.sucuri.net/2025/06/fake...

Preview: Uncover the dangers of a malicious plugin that can steal admin credentials and compromise your WordPress site security.

07.06.2025 15:44 — 👍 0  🔁 0  💬 0  📌 0

Spear Phishing in Armenia: Inside a Persistent Campaign by UNC5792
cyberhub.am/en/blog/2025...

Preview: CyberHUB-AM. In early March 2025, CyberHUB-AM identified a targeted spear phishing campaign focused […]

04.06.2025 07:23 — 👍 0  🔁 0  💬 0  📌 0

SCIM Hunting - Beyond SSO
blog.doyensec.com/2025/05/08/s...

Preview: SCIM Hunting - Beyond SSO · Doyensec's Blog

31.05.2025 15:19 — 👍 0  🔁 0  💬 0  📌 0

Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com/blog/trackin...

31.05.2025 15:18 — 👍 0  🔁 0  💬 0  📌 0

LOLCLOUD - Azure Arc - C2aaS
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and defending against its usage and exploring use cases.
blog.zsec.uk/azure-arc-c2...

31.05.2025 15:17 — 👍 0  🔁 0  💬 0  📌 0

Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
cloud.google.com/blog/topics/...

Preview: Google Cloud Blog. Cybercriminals are using fake AI-themed ads and websites to deliver malware such as infostealers and backdoors.

28.05.2025 07:42 — 👍 0  🔁 0  💬 0  📌 0

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
www.rapid7.com/blog/post/20...

Preview: Rapid7 Blog. Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in me...

28.05.2025 07:41 — 👍 0  🔁 0  💬 0  📌 0

DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
unit42.paloaltonetworks.com/darkcloud-st...

Preview: A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads.

28.05.2025 07:41 — 👍 0  🔁 0  💬 0  📌 0


Implementing SIEM and SOAR platforms
www.cyber.gov.au/resources-bu...

27.05.2025 16:00 — 👍 0  🔁 0  💬 0  📌 0

Earth Lamia Develops Custom Arsenal to Target Multiple Industries
www.trendmicro.com/en_us/resear...

Preview: Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asian countries at least since 2023. The threat actor primar...

27.05.2025 15:59 — 👍 0  🔁 0  💬 0  📌 0

Jigsaw RDPuzzle: Piecing Attacker Actions Together
insinuator.net/2025/01/jigs...

Preview: In a recent incident response project, we had the chance to virtually look over the attackers' shoulder and observe their activities. The attackers used the Remote Desktop Protocol (RDP) for lateral m...

26.05.2025 12:28 — 👍 0  🔁 0  💬 0  📌 0

One Tool To Rule Them All
shells.systems/one-tool-to-...

Preview: Shells.Systems. AMSI, CLM and ETW – defeated* with one Microsoft-signed tool. Let’s start with AMSI – everyone loves bypassing AMSI! In recent years, many (not all) antivirus product...

26.05.2025 12:27 — 👍 0  🔁 0  💬 0  📌 0

Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
www.trendmicro.com/en_us/resear...

Preview: Our research shows attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.

26.05.2025 05:56 — 👍 0  🔁 0  💬 0  📌 0

Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack
www.kandji.io/blog/macos-a...

Preview: Technical analysis of macOS AppleProcessHub stealer malware using AES encryption to evade detection and steal SSH keys, keychain data, and browser history.

25.05.2025 16:33 — 👍 0  🔁 0  💬 0  📌 0

Mapping MITRE ATT&CK with Window Event Log IDs
www.socinvestigation.com/mapping-mitr...

Preview: Security Investigation. Author/Credits: mdecrevoisier. MITRE ATT&CK is known for its Tactics & Techniques. Each and every attack is mapped with MITRE ATT&CK. ATT&CK stands for adversarial tactics, techniques, and common knowl...

25.05.2025 14:22 — 👍 0  🔁 0  💬 0  📌 0

China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability
blog.eclecticiq.com/china-nexus-...

Preview: On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities - CVE-2025-4427 and CVE-2025-4428 - affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.

25.05.2025 12:07 — 👍 0  🔁 0  💬 0  📌 0

BadUSB Attack Explained: From Principles to Practice and Defense
insbug.medium.com/badusb-attac...

Preview: Discover how to implement it with Arduino UNO, and what security measures can protect your system.

25.05.2025 11:20 — 👍 0  🔁 0  💬 0  📌 0

Offensive Threat Intelligence
blog.zsec.uk/offensive-cti/

Preview: CTI isn’t just for blue teams. Used properly, it sharpens red team tradecraft, aligns ops to real-world threats, and exposes blind spots defenders often miss. It’s not about knowing threats, it’s abou...

25.05.2025 11:19 — 👍 0  🔁 0  💬 0  📌 0