Adrian Anglin
@andranglin.bsky.social
Cybersecurity Enthusiast | Cloud & On-Prem Security Operations | Threat Hunting | DFIR
Skilled in threat detection & response, with a drive for ongoing skill growth.
Website: https://rootguard.git
Pinned
Adrian Anglin
@andranglin.bsky.social
· Mar 2
Active Directory Compromise—Detection and Mitigation | RootGuard
rootguard.gitbook.io
Active Directory compromise is a top threat. Detect with event log monitoring & anomalous behaviour tracking.
Mitigate by enforcing least privilege, patching, and MFA.
More tips:
rootguard.gitbook.io/cyberops/soc...
Essential Client-Side Vulnerabilities that Every Pentester Should Know:
hacklido.com/blog/1117-es...
Essential Client-Side Vulnerabilities that Every Pentester Should Know
Introduction Here in the 27th blog in our 30-project blog series on web security, we move to another set of attack vectors, the client-side attack ve...
hacklido.com
June 24, 2025 at 9:09 AM
OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals
any.run/cybersecurit...
OtterCookie: Analysis of New Lazarus Group Malware
Explore in-depth technical analysis of OtterCookie, a new North Korean Lazarus APT malware that steals victims' crypto and credentials.
any.run
June 12, 2025 at 3:29 PM
How Adversary Telegram Bots Help to Reveal Threats: Case Study
any.run/cybersecurit...
How Adversary Telegram Bots Help to Reveal Threats: Case Study - ANY.RUN's Cybersecurity Blog
Discover how to intercept data stolen by cybercriminals via Telegram bots and learn to use it to clarify related threat landscape.
any.run
June 12, 2025 at 3:29 PM
Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response
any.run/cybersecurit...
Cyber Attacks on Government Agencies: Detect and Investigate
Discover analysis of real-world cyber attacks on government organizations and see how ANY.RUN can help detect and investigate them.
any.run
June 12, 2025 at 6:42 AM
How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN
any.run/cybersecurit...
How MSSPs Can Analyze and Investigate Phishing Attacks
See a case study on how MSSPs can track down active phishing campaigns, identify their targets, and collect IOCs with ANY.RUN.
any.run
June 12, 2025 at 6:41 AM
Building a Cyberthreat-Resilient Organization
info.microsoft.com/ww-thankyou-...
Unified Security Platform | Microsoft Security
Read the e-book Building a Cyberthreat-Resilient Organization to learn about a unified security platform that integrates XDR, SIEM, and generative AI.
info.microsoft.com
June 10, 2025 at 5:41 AM
SOC Investigations 2025: Clues Are Key
www.cybertriage.com/blog/soc-inv...
SOC Investigations 2025: Clues Are Key
To protect the enterprise network, SOCs need to be able to investigate alerts. But they often lack the capability to investigate at scale. The core
www.cybertriage.com
June 10, 2025 at 5:40 AM
Windows Registry Forensics Cheat Sheet 2025
www.cybertriage.com/blog/windows...
Windows Registry Forensics Cheat Sheet 2025
Save. This. Post. Our expert staff has compiled an up-to-date and comprehensive Windows Registry forensics cheat sheet, and it might be just what you need
www.cybertriage.com
June 10, 2025 at 5:38 AM
PHP Type Juggling Explained: The Silent Security Risk Lurking in Web Applications
hacklido.com/blog/1107-ph...
PHP Type Juggling Explained: The Silent Security Risk Lurking in Web Applications
Did you ever think about the reason some PHP applications can still be bypassed after various hard-to-guess login tries? Type juggling can be a helpful f...
hacklido.com
June 8, 2025 at 5:32 PM
Introduction to Threat Intelligence ETW
undev.ninja/introduction...
Introduction to Threat Intelligence ETW
A quick look into ETW capabilities against malicious API calls.
undev.ninja
June 7, 2025 at 3:50 PM
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
www.proofpoint.com/us/blog/thre...
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint US
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout
www.proofpoint.com
June 7, 2025 at 3:45 PM
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
blog.talosintelligence.com/pathwiper-ta...
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”
blog.talosintelligence.com
June 7, 2025 at 3:45 PM
Fake WordPress Caching Plugin Used to Steal Admin Credentials
blog.sucuri.net/2025/06/fake...
Fake WordPress Caching Plugin Used to Steal Admin Credentials
Uncover the dangers of a malicious plugin that can steal admin credentials and compromise your WordPress site security.
blog.sucuri.net
June 7, 2025 at 3:44 PM
Spear Phishing in Armenia: Inside a Persistent Campaign by UNC5792
cyberhub.am/en/blog/2025...
Spear Phishing in Armenia: Inside a Persistent Campaign by UNC5792 - CyberHUB-AM
In early March 2025, CyberHUB-AM identified a targeted spear phishing campaign focused […]
cyberhub.am
June 4, 2025 at 7:23 AM
SCIM Hunting - Beyond SSO
blog.doyensec.com/2025/05/08/s...
SCIM Hunting - Beyond SSO · Doyensec's Blog
blog.doyensec.com
May 31, 2025 at 3:19 PM
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com/blog/trackin...
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com
May 31, 2025 at 3:18 PM
LOLCLOUD - Azure Arc - C2aaS
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring use cases.
blog.zsec.uk/azure-arc-c2...
Azure Arc - C2aaS
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring use cases.
blog.zsec.uk
May 31, 2025 at 3:17 PM
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
cloud.google.com/blog/topics/...
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Google Cloud Blog
Cybercriminals are using fake AI-themed ads and websites to deliver malware such as infostealers and backdoors.
cloud.google.com
May 28, 2025 at 7:42 AM
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
www.rapid7.com/blog/post/20...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign | Rapid7 Blog
Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in me...
www.rapid7.com
May 28, 2025 at 7:41 AM
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
unit42.paloaltonetworks.com/darkcloud-st...
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads. A new DarkCloud Stealer campaign is usi...
unit42.paloaltonetworks.com
May 28, 2025 at 7:41 AM
Implementing SIEM and SOAR platforms
www.cyber.gov.au/resources-bu...
www.cyber.gov.au
May 27, 2025 at 4:00 PM
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
www.trendmicro.com/en_us/resear...
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asian countries at least since 2023. The threat actor primar...
www.trendmicro.com
May 27, 2025 at 3:59 PM
Jigsaw RDPuzzle: Piecing Attacker Actions Together
insinuator.net/2025/01/jigs...
Jigsaw RDPuzzle: Piecing Attacker Actions Together
In a recent incident response project, we had the chance to virtually look over the attackers' shoulder and observe their activities. The attackers used the Remote Desktop Protocol (RDP) for lateral m...
insinuator.net
May 26, 2025 at 12:28 PM
One Tool To Rule Them All
shells.systems/one-tool-to-...
One Tool To Rule Them All - Shells.Systems
Estimated Reading Time: 9 minutes AMSI, CLM and ETW – defeated* with one Microsoft signed tool Let’s start with AMSI – everyone loves bypassing AMSI! In recent years, many (not all) antivirus product...
shells.systems
May 26, 2025 at 12:27 PM
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
www.trendmicro.com/en_us/resear...
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
www.trendmicro.com
May 26, 2025 at 5:56 AM