Introduction

What?

Shifts in the threat landscape: who the attackers are, how they organise and trade, and how malware reaches its targets.

Why?

Watch the backdrop change. Defences tuned to yesterday's actors and delivery methods miss today's, so the sections below track what is moving.

How?

  • Unusual suspects
  • Marketplaces
  • Red team takeover
  • Malware-as-a-Service (MaaS)
  • Ransomware-as-a-Service (RaaS)
  • Infostealer-as-a-Service (IaaS)
  • Distribution shifts
  • More LOL
  • Botnet activity increase
  • No device can ever be called secure

Unseen University, 2025, with a forest garden fostered by /ut7.