SirPicklJohn

SirPicklJohn

Capture The Flag

TryHackMe Room Writeup: Sakura

This writeup covers the TryHackMe "Sakura" room, featuring an OSINT investigation into a fictitious hacker who attacked the OSINT Dojo. This room is designed to test a diverse range of OSINT techniques, including those related to image, social media, and geolocation intelligence.

·SirPicklJohn
Intelligence

Intelphreak - February 28, 2025

The Ghost/Cring Ransomware Gang's Unique Success; DMARC Required Under PCI DSS On March 31st of 2025; Apple Removes iCloud Encryption for UK; Recent High Efficacy Social Engineering Tactics; North Korean-Linked Attackers Stole $1.46 Billion in Crypto From Bybit Exchange

·ResidentGood
Research

New Insights on the Ghost Ransomware Gang and their Peculiar Success

This cyber threat intelligence investigation hunts ghosts - seeking to answer why the Ghost/Cring ransomware gang is so successful at eluding security researchers and being profitable, especially when they avoid phishing in favor of targeting known-vulnerabilities in internet-facing systems.

·SirPicklJohn
Research

A Demonstration of the Potential for Modern LLM Abuse by Threat Actors

This article details the findings of two studies that highlight how security vulnerabilities in publicly-accessible LLMs can present a threat to public security through the proliferation of malicious knowledge, guidance in committing illegal activities, and generation of malicious content.

·SirPicklJohn
Intelligence

Intelphreak - February 11, 2025

Trump Disbands DHS Advisory Boards, LLM Jailbreaks Are Fueling Threats, DeepSeek Has Global Impact, Vulnerabilities in Contec Patient Monitors Allow PII Leakage & RCE, Subaru STARLINK Vulnerability Allowed Unauthorized Remote Control of Vehicles, 2 Vulnerabilities in Apple Hardware

·ResidentGood
Intelligence

Intelphreak - January 22, 2025

Phishing Campaigns Target California Fires, TikTok Ban Delayed, UK Considers New Ransomware Laws, Critical MacOS Attacks & Security Bypasses, Treasury Attack Attributed to Silk Typhoon, Critical Aviatrix Exploit, Expired Domains Present New Security Threats, Patch Tuesday Fixes Major Security Issues

·ResidentGood
Intelligence

Intelphreak - January 8, 2025

2024 Cybersecurity Recap, New Non-Social Engineering TTPs, Major Browser Extension Supply Chain Attack, Japan Airlines DDoS Attack, OpenAI Fined €15 Million, HHS Proposes Changes to HIPAA, Researchers Discover New Lazarus Group Malware Campaign, Chinese Nation-State Actors Breach US Treasury Data

·ResidentGood
Research

2024 Recap of Cybersecurity, with Insights for the Future

2024 saw record-breaking breaches, an incredible AI boom, novel techniques and attack chains, and highly sophisticated cybercrime & cyberwarfare operations. Cybersecurity came into the public purview due to the cascading effects of cyber incidents that affected millions of people worldwide.

·SirPicklJohn
Intelligence

Intelphreak - December 23, 2024

Chinese APTs Target U.S. Infrastructure; IOCONTROL Malware Hits OT, IoT, SCADA Devices; Widespread WordPress Exploitation; Prometheus Toolkit Vulnerabilities; Latest On Social Engineering; PUMAKIT Malware Targets Linux Kernels; FTC Warning On Scam Task Jobs

·ResidentGood