@BushidoToken Threat Intel

The title of this blog is a homage to the film Tinker Tailor Soldier Spy and presents the fact that video games and cheating is also tied to hacking and spying. It is a common trope in cybersecurity that professionals first became interested in the field through an encounter while playing games.  Speaking personally, I first became enthralled with hacking in 2008 by matching against some modders using hacked weapons while playing  Halo 3   (my favourite game of all time). This blog aims to highlight why monitoring the video game industry is important for cyber threat intelligence analysts hunting down the latest threats. Video games and hacking are very intertwined. Many hackers start out by creating cheats for games, and have to play the games to begin with to learn how to hack them.  There are also several notable incidents whereby hacking in video games escalated to become critical issues for the software development industry and enterprise security realms. This includes zero-day ex

  If you wanted to learn how an organized cybercriminal operation worked, look no further than the threat group known as Conti. The recent leaks of the group's chat logs have uncovered an unprecedented wealth of information and insights into how these veteran cybercriminals organize themselves.  Cyber Threat Intelligence (CTI) vendors and independent researchers have spent weeks poring over the Conti leaked chat logs and have uncovered dozens of very significant findings.  In this blog, I didn't want to duplicate what is already known (too much). I wanted to share some of the findings that I thought were the most interesting to me. To rapidly get up to speed on the Conti Leaks, I highly recommend other researchers to read the work in the following blogs: https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html https://www.secureworks.com/blog/gold-ulrick-leaks-reveal-organizational-structure-and-relationships ht

  Artwork by  @laelcillustrate The aim of this blog is to highlight initial access techniques that you’ve potentially not heard of before. You're u nlikely to find these in the Mitre ATT&CK framework and these are pretty u nlikely to happen day-to-day, but they are perfectly valid for persistent attackers. How to implement detection for these techniques also d epends on your threat model and who is trying to target you or your organisation.  Traditional initial access techniques for common threats such as Ransomware operators or Advanced Persistent Threat (APT) groups include  phishing for credentials, malicious spam containing malware, obtaining RDP credentials via brute force or purchasing them from underground markets, and exploiting a vulnerability in a public-facing system.  The techniques discussed in this blog, however, r equires a bit more determination, opportunism, and lateral thinking. >> I've added some " Bushido comments"  offering my own opini