- π Iβm a Security Researcher working in Cyber Threat Intelligence since 2019
- π BSc (Hons) Graduate of Computer and Information Security
- π Student of SANS FOR578 and earned the GIAC GCTI certification
- π Co-Author and Instructor of the SANS FOR589 Cybercrime Intelligence course
- π Read about my first year in CTI here
- β‘ Fun fact: I discovered OZH RAT and TitanStealer
- π΅οΈββοΈ I've contributed to the Mitre ATT&CK framework - TeamTNT & SEO Poisoning
- π I create my own Hacker Fiction stories (with a little help from AI) here
- π» Previously worked for Cyjax, read my Research Blogs here
- π Currently working at the Equinix Threat Analysis Center (ETAC)
- Open sources tools for CTI - Collection of resources for OSINT analysis
- 2x Insider Threat-themed CTFs - OSINT challenges
- CTI Lexicon- Acronyms and Technical Jargon
- CTI Quiz - 4 Topics of Multiple Practice Questions
- Abuse Legitimate Services - List of services used for malware and phishing
- Breach Report Collection - Collection of breach reports for case studies
- OPSEC 101 - A guide to better security for non-technical family, friends, and colleagues
- The CTI Analyst Challenge - A training repository for CTI analysts to practice answering PIRs and RFIs
- The Ransomware Tool Matrix - A repository of tools used by various ransomware gangs
- The Russian APT Tool Matrix - A repository of tools used by various Russian APT groups
- The Ransomware Vulnerability Matrix - A repository of vulnerabilities exploited by various ransomware gangs
- EternalLiberty - APT moniker database
- Curated Intel: Log4Shell IOCs - Vetted IOCs and analysis of threats leveraging Log4Shell
- Curated Intel: Ukraine Cyber Operations - Threat Intelligence to assist Ukrainian organisations
- Curated Intel: CTI Fundamentals - A collection of essential resources related to CTI theory
- Curated Intel: MOVEit Transfer Campaign Tracking - Tracking events related to the MOVEit campaign
- Curated Intel: Threat Actor Profile Guide - A guide for CTI analysts
- You can view all my videos via my YouTube playlist
| Conference | Workshop Title | URL |
|---|---|---|
| BSides London 2023 | Keep Your Enemies Closer: How to Profile and Track Threat Actors | bsides-london-2023 |
| Podcast | Topic(s) | URL |
|---|---|---|
| Risky Biz News | Critical vulnerability (CVE-2022-1388) in F5 BIG-IP (from 8m 20s) | risky.biz |
| Technical Outcast | Curated Intelligence on the Conti Playbook leaks (from 30m 30s) | spotify.com |
| Darknet Diaries #126 | REvil Ransomware | darknetdiaries.com |
| Click Here by Recorded Future News | Breach Forums Takedown | twitter.com/ClickHereShow |
| MyOSINT Training | Part of the "Careers Using OSINT Skills" series | YouTube |
| Infosecurity Magazine | Inside the MOVEit Attack: Decrypting Clop's TTPs and Empowering Cybersecurity Practitioners (from 16m 21s) | infosecurity-magazine.com |
| Intel471 Cybercrime Exposed | The Extortionists | intel471.com |
| SANS Wait Just An Infosec | In Hot Pursuit: Tracking Ransomware Actors (from 13m 00s) | youtube.com |
| SANS Threat Analysis Rundown (STAR) | Disccusing Threats from Week 43 of 2023 | linkedin.com |
| SANS Wait Just An Infosec | Ransomware Kingpins LockBit Disrupted | YouTube |
- CISA.gov - Link to Curated Intel resource on Log4Shell
- HHS.gov - Malicious Use of Email Marketing Services
- HHS.gov - Abuse of Legitimate Security Tools and Health Sector Cybersecurity
- CERT Ukraine - APT28 (UAC-0028)
- CNN - LockBit attack on ICBC
- Reuters - ALPHV/BlackCat Exit Scam
- The Telegraph - Royal Mail SMS phishing campaigns
- The Telegraph - NB65 leverages Conti source code
- The Telegraph - Qilin Ransomware attack on the NHS
- Vice Motherboard - Workers Unite
- TechCrunch - Israel/Hamas War Hacktivism
- WIRED - Israel/Hamas War Hacktivism
- WIRED - Jia Tan & XZ Backdoor
- π€ My Interview with TheSecurityNoob blog here
- 1οΈβ£ Top of the 'Top 10 CTI Experts & Intelligence Pioneers' in 2024 here
- π On the SOCRadar 'Top 10 Twitter Accounts to Follow for Threat Intelligence' in 2023 here
- π On the SentinelOne '23 Influential Accounts to Follow in 2023' here
- Microsoft 365 Defender Threat Intelligence Team - Franken-phish
- Microsoft 365 Defender Threat Intelligence Team - The Conti Leaks
- Maltego - How Do You Run a Cybercrime Gang?
- RISKIQ - Turkey Dog
- Rapid7 - REvil attack on Kaseya
- Splunk - REvil attack on Kaseya
- VirusTotal Blog - North Korean APT using the Amadey Trojan
- Proofpoint - Charting TA2541's Flight
- SentinelOne - Ransomware Decryption Intelligence
- CyberDefenders - L'espion OSINT CTF
- SANS Internet Storm Center - Qakbot
- SANS OSINT Summit - Discord for CTI
- Phishunt.io - Community
- Bleeping Computer - Hunters International, potential Hive rebrand
- Bleeping Computer - APT Targeting Renewable Energy
- Bleeping Computer - Basecamp
- Bleeping Computer - North Koreans Targeting Researchers
- Bleeping Computer - BazarCall
- Bleeping Computer - Monzo phishing
- Bleeping Computer - Brute Ratel Cracked
- Bleeping Computer - ESXi Linux version of Royal Ransomware
- Bleeping Computer - Coinbase SMS attacks
- Bleeping Computer - Dragos Security Incident
- The Record - IcedID spam campaign
- The Record - Passwordstate
- The Record - APT31
- The Record - Trickbot
- The Record - Phorpiex
- The Record - BlackMatter
- The Record - REvil affiliate
- The Record - Log4Shell
- CyberScoop - Belarus Cyber Partisans
- CyberScoop - Aviation RATs
- CyberScoop - Exposing Ransomware Operators
- CyberScoop - Breach Forums Takedown
- CyberScoop - Genesis Market Seized
- CyberScoop - UK Electoral Commission Breach
- CyberScoop - ALPHV/BlackCat Exit Scam
- Risky Biz News - The Continuity of Conti
- Risky Biz News - Darth Maul Market
- Risky Biz News - RedZei
- Risky Biz News - Raspberry Robin
- Risky Biz News - GreenMwizi
- Risky Biz News - The DaVinci Group
- Arstechnica - APT31
- PortSwigger - North Koreans APTs
- DarkReading - RedZei
- The Register - Conti attack on HSE
- The Register - CL0P campaigns against MFTs
- Infosecurity Magazine - LockBit Claims TSMC Hack
- Infosecurity Magazine - UK Electoral Commission Breach
- Infosecurity Magazine - iSOON Leaks
- The Hacker News - TitanStealer
- The Hacker News - RedZei
- Security Affairs - Brute Ratel Cracked
- Security Affairs - CL0P claims ICS vendors
- SecurityWeek - APT campaign targeting EMEA and APAC governments
- SecurityWeek - ICS Vendors Targeted in Espionage Campaign Focusing on Renewable Energy
- Bank Info Security - iSOON Leak