Threat landscape @home

The below writeups are based on reading the usual threat landscapes, picking up what is reuseful for defending people’s devices, researching and adding what seems to be missing for @home contexts, updating passive defence strategies, and linking in some device hardening how-tos and hands-on exercises.

With that as foundation, we can develop the more unusual active defence strategies.

---

Threats

Background

• Introduction
• Unusual suspects
• Marketplaces
• Red team takeover
• Malware-as-a-Service (MaaS)
• Ransomware-as-a-Service (RaaS)
• Infostealer-as-a-Service (IaaS)
• Distribution shifts
• More LOL
• Botnet activity increase
• No device can ever be called secure

Mitre Att&Ck

• Introduction
• Drive-by compromise
• Supply chain compromise
• Phishing for information
• Application Layer Protocol: Mail Protocols
• Signs of a compromise @home

---

Prevent|Detect|Respond

Device independent

• Introduction
• Phishing
• Drive-by download
• MFA bypass attacks

Workstation specific

• Introduction
• Ransomware

Mobile specific

• Introduction
• Mobile malware
• Smishing
• Vishing
• SIM swapping
• OTP bots
• App squatting
• Ransomware
• Madware
• Spyware
• Location tracking
• Stalkerware

---

DIY

Hardening endpoints

• Introduction
• A first strategy
• Android hardening
• iOS hardening
• Hardening Windows
• Hardening GNU/Linux
• Hardening macOS
• Smarter mail servers
• Active defence

---

Testlab

• Phishing analysis tools
• Mobile tools
• Reverse engineering tools

TryHackMe rooms

• Introduction
• Basic phishing labs
• The Greenholt Phish
• Android malware analysis (Pithus and jadx)
• iOS forensics (SQLiteDB)

Root-me challenges

• APK anti-debug