Christian Taillon

QakBot Detection: DUCK HUNT
In Russia, Ducks hunt you.
4 min read · Jun 28, 2022

Part-time Threat Hunting: Considering its Efficacy
This article is my response to two excellent blog posts by the CrowdStrike Overwatch team making the case against part-time threat hunting…
8 min read · Jan 4, 2023

QakBot Hunting: Autumn Spice
Autumn marks the beginning of the return of many familiar experiences. Familiar Halloween movies return to the screen; charming Fall time…
7 min read · Oct 4, 2022

QakBot Detection: DUCK HUNT Part 2 — The .LNK
As promised in Part 1 of QakBot Detection: DUCK HUNT, we have a few more concepts to examine regarding the QakBot malware. In Part 1, we…
6 min read · Jul 13, 2022

Prophet Spider Exploits Citrix ShareFile to Deploy Webshell
The adversary group nicknamed Prophet Spider by CrowdStrike has chosen a new vulnerability to include in its exploitation tool kit. This…
4 min read · Mar 18, 2022

What do we actually know about the Darkside Ransomware operators?
You have likely heard a great deal about attacks on U.S. companies from Russian hacking groups such as Darkside's attack on Colonial…
8 min read · Jun 7, 2021

GitHub Actions Abuse by Cryptominers
Adversaries are abusing GitHub Actions to run known Cryptominers. GitHub Actions is a CI/CD solution to run scheduled tasks and provide…
3 min read · Apr 5, 2021