Blog
The Full Account: TeamPCP's Mini Shai-Hulud Supply Chain Campaign, Waves 1 & 2
Complete forensic analysis of TeamPCP's supply chain attack: 2,650+ compromised GitHub repos, 16+ MB credential theft, and undetected Rust RAT deployment.
Bluekit PhaaS: The White-Label Supply Chain the Newswire Missed
Bluekit is not just another Phishing-as-a-Service platform. It is a multi-tenant white-label PhaaS engine, and buried inside a JavaScript bundle we pulled from its Tor hidden service is the configuration for a second brand, SnagX, a Chinese-market reseller charging 2.8x Bluekit's prices to a completely separate operator base.
Hunting a PhaaS Operator: From Phishing Email to Lagos, Nigeria
A phishing email landed in an employee's inbox. SPF passed. DKIM passed. DMARC passed. Spam score: 0.085/1.0. What started as a routine triage turned into a multi-day offensive hunt.
Bybit Hack Considerations
Analysis of the cryptocurrency exchange breach, highlighting supply chain security and browser-based attack vulnerabilities.
APT38's New Game: Targeting Devs with Fake Coding Challenges
North Korean threat actors are leveraging GitHub to target software developers through fake job opportunities and technical interviews.
Conversion from Sigma Community to KQL That Works
Our working Sigma-to-KQL conversion utility, compatible with the Sigma Community repository.
Managing Threat Hunting Content via APIs in Microsoft Sentinel
API tools designed to streamline content management for threat hunting operations within Microsoft Sentinel.