Using DNS.Coffee to Drive Research
Aaron Samala
Short and simple This discusses how I plan to use DNS.Coffee to drive research. You can find suspicious domains, and then pivot on that to find more suspicious domains. Before…
AAFES Phishing Sites Observed
Short and simple This discusses how I found some AAFES (Army Air Force Exchange Service) themed phishing sites. Before continuing THE CONTENT, VIEWS, AND OPINIONS EXPRESSED ON THIS DOCUMENT ARE…
Using Silent Push to Detect SmartApeSG IoFAs
Summary up front: This document shows how I’ve been using Silent Push to track SmartApeSG. These are repeatable steps that an analyst or enthusiast can follow to do the same.…
Navy Federal Credit Union Masquerades Found!
This article documents repeatable steps for analysts and enthusiast researchers to search for and identify phishing sites masquerading as banking sites, specifically focusing on Navy Federal Credit Union. It builds…
USAA Masquerades Found!
This article documents the investigation into websites masquerading as USAA. It details the methodology used to identify suspicious domains, pivoting off key indicators like CSS and font hashes, and highlights…
Possible Early Stage Caesar Cipher Skimmer
This article explores the discovery of a potential early-stage Caesar cipher skimmer during the investigation of suspicious activities linked to a Tunisian online store. The investigation uncovers hidden JavaScript masquerading…
The LandUpdate808 Fake Update Variant
Discover the LandUpdate808 fake update variant, a new cybersecurity threat tracked by our team. This article details its unique delivery chain, payload variations, and indicators of compromise, emphasizing the importance…
What is a Gootloader Backlink farm?
Backlinks Backlinks, or outgoing links, are links on a given page that links to another webpage. Why does it matter? When search engines crawl the internet, they record any outbound…
Gootloader Isn’t Broken
In this post, we take a closer look at the Gootloader malware, correcting previous assertions about its dysfunction. Through the use of tools like Process Monitor and Burp Suite, we…
Automating Gootkit Detection with urlscan.io: A Step-by-Step Guide
Learn to automate Gootkit malware detection using urlscan.io. This guide covers the use of urlscan.io's API and Python scripting to efficiently identify and analyze malicious forum loader scripts, enhancing your…