Computers

  • Solving the XLMRat Blue team challenge

    Today we’re looking at the XLMRat malware. It is a remote access trojan (hence the RAT part) built to be small, sneaky, and stupidly persistent. It typically rides in via phishing or social engineering, often disguised as something mundane, like a JPG or TXT file. It targets Windows systems and speaks fluent PowerShell. It’s popular


  • Billion-dollar brains: the real cost of AI

    AI-assisted coding feels like magic. You type what you want, and out comes working code (well, maybe after a few hours of setup, but still). Like all magic, though, it has a cost. And right now, that cost is mostly hidden, even as the invoices show up every month. What makes it work


  • Solving the BlueSky Ransomware Blue team challenge

    Today we’re looking at the BlueSky ransomware, a strain of malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. First detected in June 2022, it shares similarities with other notorious ransomware families like Conti and Babuk. BlueSky spreads through methods such as phishing emails, malicious links, and network


  • Solving the DanaBot Blue team challenge

    In this blog post, we’ll walk through a Blue Team lab challenge hosted by CyberDefenders, specifically investigating a breach scenario involving DanaBot malware. The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/danabot. Note: This post is not sponsored by or affiliated with CyberDefenders. Initially, I knew very little about DanaBot. Turns out


  • The unboring NIST SP 800-190

    When most of us hear “NIST guidelines”, our first reaction might be “another boring PDF I’ll never open again”. My first encounter with NIST Special Publication 800-190 happened when I was studying for the GIAC GCSA exam, which is focused on DevSecOps and container security. The SP 800-190 is refreshingly different. It isn’t just another
