INTEL_FEED

All research write-ups, investigations, and field notes.

2026-03-01 NETWORK

Your Linux Server Is Not Automatically Secure, Nor is it More Secure Than Windows

Did you know that most Linux distributions, such as Ubuntu, Debian, and Fedora, ship with the local firewall either disabled by default or auto-configured to allow all incoming traffic? This post explores how to secure a Linux machine at the network layer.

8 MIN
2026-03-01 MALWARE

PDFSupernova: Tel Aviv-Signed Credential Harvester Hiding in Plain Sight

A browser hijacker signed by "Trivolead LTD" that overwrites Chrome's Web Data SQLite file at the OS level — bypassing AV entirely. Embedded form-fill entries target banking and financial credential fields. Part of a wider family including PrimePDFConvert, which adds scheduled task persistence and a Roslyn-powered .NET loader.

8 MIN
2026-02-18 OSINT

Locking Out the Listener: Blocking AI Transcription Bots at the Network and Policy Layer

AI transcription services ride in via ICS calendar files, auto-joining calls without invitation. Covers ICS analysis and DNS-level blocking.

7 MIN
2026-01-30 OSINT

Don't Get Zero-Dayed by a Phish: Dissecting a Credential Harvest Disguised as an Exploit

A suspicious URL with multi-level typosquatting, a custom CAPTCHA gate, and a cloned Microsoft login page. Sandbox detonation confirmed no memory corruption, no shellcode, no privilege escalation. How to tell the difference — and why misclassifying it breaks your IR response.

9 MIN
2026-01-30 OPINION

On-Premise Infrastructure is Underrated

Cloud infrastructure is increasingly recognized as the more hands-off, and sometimes ideal, approach. What if you are compromising your security by introducing an environment that you have no real-world, physical control over? This post explores the inherent issues with cloud infrastructure that large providers, like AWS, do not have an answer for.

9 MIN
2025-12-05 OSINT

IP → Identity: Hunting Attacker Location and Organization with Open Sources

The full passive-recon attribution chain: IPWHOIS and ASN lookups, passive DNS history, certificate transparency logs, Shodan host records, and MxToolbox header tracing. Walkthrough of attributing a phishing campaign's infrastructure using only free tooling.

8 MIN
2025-11-20 SYSADMIN

Hardening by Design: AD Architecture, Least Privilege, and Why Your DC Migration Is a Security Project

A DC migration as a deliberate hardening exercise. FRS-to-DFSR as a security prerequisite, hub-and-spoke DFSR discipline, auditing hardcoded service credentials before FSMO transfer, separating admin from daily-use accounts, and why maintenance windows are themselves a security control.

11 MIN