Computers

  • Solving the ShadowCitadel Lab Blue team challenge 🫆

    Today, we dive into a host-based forensics investigation − a curious case of a breach inside the enterprise environment of a company called TechSynergy. They have detected an anomaly after an employee engaged with an unexpected email attachment. This triggered a series of covert operations within the network, including unusual account activity and system alterations.

    Read more ﹥

  • How to prevent token misuse in LLM integrations

    LLMs are powerful. And expensive. Every token counts, and if you’re building something that uses an LLM API (Claude, OpenAI, Gemini or PaLM, Mistral, etc.), malicious users can abuse it to burn through your credits. This is especially true for apps that take user input and feed it to the model. The trick is that

    Read more ﹥

  • Solving the XLMRat Blue team challenge

    Today we’re looking at the XLMRat malware. It is a remote access trojan (hence the RAT part) built to be small, sneaky, and stupidly persistent. It typically rides in via phishing or social engineering, often disguised as something mundane, like a JPG or TXT file. It targets Windows systems and speaks fluent PowerShell. It’s popular

    Read more ﹥

  • Billion-dollar brains: the real cost of AI

    AI-assisted coding feels like magic. You type what you want, and out comes working code. (well, maybe after a few hours of setup − but still) Like all magic, though, it has a cost. And right now, that cost is mostly hidden − even as the invoices show up every month. What makes it work

    Read more ﹥

  • Solving the BlueSky Ransomware Blue team challenge

    Today we’re looking at the BlueSky ransomware, a strain of malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid. First detected in June 2022, it shares similarities with other notorious ransomware families like Conti and Babuk.  BlueSky spreads through methods such as phishing emails, malicious links, and network

    Read more ﹥

  • Solving the DanaBot Blue team challenge

    In this blog post, we’ll walk through a Blue Team lab challenge hosted by CyberDefenders, specifically investigating a breach scenario involving DanaBot malware. The challenge is presented by CyberDefenders (https://cyberdefenders.org) and can be found here: https://cyberdefenders.org/blueteam-ctf-challenges/danabot. Note: This post is not sponsored by or affiliated with CyberDefenders. Initially, I knew very little about DanaBot. Turns out

    Read more ﹥

Copyright © 2026 {IT} All rights reserved. Unless otherwise stated, all text, images, diagrams, and other original content on this blog may not be reproduced, distributed, or used without prior written permission.