banner
andranglin.bsky.social
Adrian Anglin
@andranglin.bsky.social
82 followers 21 following 1K posts
Cybersecurity Enthusiast | Cloud & On-Prem Security Operations | Threat Hunting | DFIR Skilled in threat detection & response, with a drive for ongoing skill growth. Website: https://rootguard.git
rootguard.git
Posts Media Videos Starter Packs
Pinned
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Mar 2
Active Directory compromise is a top threat. Detect with event log monitoring & anomalous behaviour tracking.

Mitigate by enforcing least privilege, patching, and MFA.

More tips:
rootguard.gitbook.io/cyberops/soc...
Active Directory Compromise—Detection and Mitigation | RootGuard
rootguard.gitbook.io
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 24
Essential Client-Side Vulnerabilities that Every Pentester Should Know:
hacklido.com/blog/1117-es...
Essential Client-Side Vulnerabilities that Every Pentester Should Know
Introduction Here in the 27th blog in our 30-project blog series on web security, we move to another set of attack vectors, the client-side attack ve...
hacklido.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 12
OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals
any.run/cybersecurit...
OtterCookie: Analysis of New Lazarus Group Malware
Explore in-depth technical analysis of OtterCookie, a new North Korean Lazarus APT malware that steals victims' crypto and credentials.
any.run
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 12
How Adversary Telegram Bots Help to Reveal Threats: Case Study
any.run/cybersecurit...
How Adversary Telegram Bots Help to Reveal Threats: Case Study  - ANY.RUN's Cybersecurity Blog
Discover how to intercept data stolen by cybercriminals via Telegram bots and learn to use it to clarify related threat landscape.
any.run
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 12
Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response
any.run/cybersecurit...
Cyber Attacks on Government Agencies: Detect and Investigate
Discover analysis of real-world cyber attacks on government organizations and see how ANY.RUN can help detect and investigate them.
any.run
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 12
How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN
any.run/cybersecurit...
How MSSPs Can Analyze and Investigate Phishing Attacks
See a case study on how MSSPs can track down active phishing campaigns, identify their targets, and collect IOCs with ANY.RUN.
any.run
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 10
Building a Cyberthreat-Resilient Organization
info.microsoft.com/ww-thankyou-...
Unified Security Platform | Microsoft Security
Read the e-book Building a Cyberthreat-Resilient Organization to learn about a unified security platform that integrates XDR, SIEM, and generative AI.
info.microsoft.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 10
SOC Investigations 2025: Clues Are Key
www.cybertriage.com/blog/soc-inv...
SOC Investigations 2025: Clues Are Key
To protect the enterprise network, SOCs need to be able to investigate alerts. But they often lack the capability to investigate at scale.  The core
www.cybertriage.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 10
Windows Registry Forensics Cheat Sheet 2025
www.cybertriage.com/blog/windows...
Windows Registry Forensics Cheat Sheet 2025
Save. This. Post. Our expert staff has compiled an up-to-date and comprehensive Windows Registry forensics cheat sheet, and it might be just what you need
www.cybertriage.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 8
PHP Type Juggling Explained: The Silent Security Risk Lurking in Web Applications
hacklido.com/blog/1107-ph...
PHP Type Juggling Explained: The Silent Security Risk Lurking in Web Applications
Did you ever think about the reason some PHP applications can still be bypassed after various hard-to-guess login tries? Type juggling can be a helpful f...
hacklido.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 7
Introduction to Threat Intelligence ETW
undev.ninja/introduction...
Introduction to Threat Intelligence ETW
A quick look into ETW capabilities against malicious API calls.
undev.ninja
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 7
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
www.proofpoint.com/us/blog/thre...
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint US
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here.  Analyst note: Throughout
www.proofpoint.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 7
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
blog.talosintelligence.com/pathwiper-ta...
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”
blog.talosintelligence.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 7
Fake WordPress Caching Plugin Used to Steal Admin Credentials
blog.sucuri.net/2025/06/fake...
Fake WordPress Caching Plugin Used to Steal Admin Credentials
Uncover the dangers of a malicious plugin that can steal admin credentials and compromise your WordPress site security.
blog.sucuri.net
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · Jun 4
Spear Phishing in Armenia: Inside a Persistent Campaign by UNC5792
cyberhub.am/en/blog/2025...
Spear Phishing in Armenia: Inside a Persistent Campaign by UNC5792 - CyberHUB-AM
In early March 2025, CyberHUB-AM identified a targeted spear phishing campaign focused […]
cyberhub.am
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 31
SCIM Hunting - Beyond SSO
blog.doyensec.com/2025/05/08/s...
SCIM Hunting - Beyond SSO · Doyensec's Blog
SCIM Hunting - Beyond SSO
blog.doyensec.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 31
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com/blog/trackin...
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
censys.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 31
LOLCLOUD - Azure Arc - C2aaS
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring usecases.
blog.zsec.uk/azure-arc-c2...
Azure Arc - C2aaS
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and Defending against its usage and exploring usecases.
blog.zsec.uk
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 28
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
cloud.google.com/blog/topics/...
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites | Google Cloud Blog
Cybercriminals are using fake AI-themed ads and websites to deliver malware such as infostealers and backdoors.
cloud.google.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 28
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
www.rapid7.com/blog/post/20...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign | Rapid7 Blog
Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in me...
www.rapid7.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 28
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
unit42.paloaltonetworks.com/darkcloud-st...
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads. A new DarkCloud Stealer campaign is usi...
unit42.paloaltonetworks.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 27
Implementing SIEM and SOAR platforms
www.cyber.gov.au/resources-bu...
www.cyber.gov.au
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 27
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
www.trendmicro.com/en_us/resear...
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor primar...
www.trendmicro.com
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 26
Jigsaw RDPuzzle: Piecing Attacker Actions Together
insinuator.net/2025/01/jigs...
Jigsaw RDPuzzle: Piecing Attacker Actions Together
In a recent incident response project, we had the chance to virtually look over the attackers' shoulder and observe their activities. The attackers used the Remote Desktop Protocol (RDP) for lateral m...
insinuator.net
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 26
One Tool To Rule Them All
shells.systems/one-tool-to-...
One Tool To Rule Them All - Shells.Systems
Estimated Reading Time: 9 minutes AMSI, CLM and ETW – defeated* with one Microsoft signed tool Let’s start with AMSI – everyone loves bypassing AMSI! In recent years, many (not all) antivirus product...
shells.systems
andranglin.bsky.social
Adrian Anglin @andranglin.bsky.social · May 26
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
www.trendmicro.com/en_us/resear...
Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks
Our research shows attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
www.trendmicro.com