Recent Posts

Threat Hunting with Firewall Traffic
2 2822
Posted in Cyber Threat

Threat Hunting with Firewall Traffic

Project Name: Threat Hunting with Firewall Traffic Description: – Whenever attackers… read out Threat Hunting with Firewall Traffic

Cyber Security Lifecycle
4 2076
Posted in Cyber Threat

Cyber Security Lifecycle

Cyber Security Lifecycle Project Name: Cyber Security Lifecycle Description: Without applying… read out Cyber Security Lifecycle

Types of System Software
1 4244
Posted in Cyber Threat General

Types of System Software

Types of System Software Project Name: Types of System Software… read out Types of System Software

cyber security controls india
1 2296
Posted in Cyber Threat

Cyber Security Control

Cyber Security Control Project Name: Cyber Security Control Description: Cyber… read out Cyber Security Control

Packet Analytics
0 1120
Posted in Packet Forensics and Analytics

Packet Analytics

Packet Analytics Project Name: Packet Analytics Description: Packet Analytics includes… read out Packet Analytics

Packet Analytics
0 1818
Posted in Packet Forensics and Analytics

Moloch Packet Analytics

Moloch Packet Analytics Project Name:  Moloch Packet Analytics Description: Moloch… read out Moloch Packet Analytics

Live Evidence Invetigation
0 1624
Posted in Packet Forensics and Analytics

Installation of MOLOCH

Installation of MOLOCH Project Name: Installation of MOLOCH Description: Packet… read out Installation of MOLOCH

MOLOCH Usage
0 2534
Posted in Packet Forensics and Analytics

Moloch Usage

Moloch Usage Project Name: Moloch Usage Description: Moloch Usage includes… read out Moloch Usage

File Forensics
0 1926
Posted in General

How to investigate files

How to investigate files Project Name: How to investigate files… read out How to investigate files

Server Hacked
0 2686
Posted in Linux Server Investigation

Compromised Linux Server Investigation

Compromised Linux Server Investigation Project Name: Compromised Linux Server Investigation Description:… read out Compromised Linux Server Investigation

prodiscover forensics
0 3383
Posted in ProDiscover

How to use ProDiscover

  How to use ProDiscover Project Name: How to use… read out How to use ProDiscover

0 983
Posted in Data Recovery

Advance Data Recovery

Advance Data Recovery 1.    Chances for Data Recovery of Deleted… read out Advance Data Recovery

1 1525
Posted in Data Recovery

Data Recovery Concept

Data Recovery Concept   Data Recovery Concepts deal with following… read out Data Recovery Concept

Data Recovery Basic
0 1587
Posted in Data Recovery

Basic Data Recovery

Project Name: Basic Data Recovery Description: Basic Data Recovery will… read out Basic Data Recovery

Fraud Invetigation
0 1105
Posted in General

Fraud Investigation Concept

fraud investigation concept

0 1865
Posted in Digital Forensics

Forensics Analysis in India

Forensics Analysis in India Computer Forensics: – Computer forensics is… read out Forensics Analysis in India

0 1295
Posted in ProDiscover

ProDiscover Incident Response Project

ProDiscover Incident Response Project   Project Name: ProDiscover Incident Response… read out ProDiscover Incident Response Project

Digital Evidence India
0 1544
Posted in Digital Forensics

Digital Evidence India

Digital Evidence India Types of digital evidence India Digital Evidence… read out Digital Evidence India

Computer Forensics Fundamentals
0 1630
Posted in General

Forensics Incident Response

The Document Describes The Forensics Incident Response Checklist For Incident Management… read out Forensics Incident Response

Computer and Network Log Analytics
1 1762
Posted in Cyber Threat

Computer and Network Log Analytics

Computer and Network Log Analytics Project Name: Computer and Network Log… read out Computer and Network Log Analytics

HackForLab Weekly Threat Advisory · Jul 6-12 2026 · Beyond Ransomware · non-ransomware threat layer · 1,804 unique IOCs · 1,322 high-severity · 89 clusters · 11 RATs 7 APTs 1 WIPER · 5 headline cards: RuRAT cryptomining surge, The RAT Economy, UAT-7810 APT port fingerprint, Novel loader plus GigaWiper, macOS ClickFix first observed · fresh families Vidar RedWing UAT-7810 DPRK Lazarus PlugX GigaWiper
0 11
Posted in Threat Intelligence

Weekly Threat Advisory: Beyond Ransomware — 11 RATs, 7 APTs, 1 WIPER, HASH Still Leads (Jul 6 – 12, 2026)

The non-ransomware threat layer of the week. 1,804 unique IOCs across 89 clusters (ransomware excluded). RuRAT cryptomining surge (244 IOCs — wallet-drainer domain cluster). 11 RAT families active (Vidar, Millenium RAT v4, GoodPersonRAT, Dcrat, AsyncRAT, EtherRAT, QuimaRAT, Banana RAT + more). 7 APT clusters (UAT-7810 port fingerprint 2222/8088/99, DPRK 5-type spread, Lazarus, Cavern Manticore, MustangPanda, PlugX, UNK_MassTraction). Novel multi-stage LNK + JS-runtime backdoor (135 IOCs). GigaWiper — destructive-class malware, 10 IOCs. macOS ClickFix — first observation. HASH still beats IP (810 vs 468) even without ransomware. Full ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, four production-ready Sigma rules.

HackForLab Weekly Threat Advisory · Jun 29 – Jul 5 2026 · command-center briefing cover · SITREP 026·27 · 1,524 unique IOCs · 1,129 high-severity · 64 clusters · 5 named APTs · 5 headline cards: AsyncRAT surge, TONResolver novel blockchain-resolved C2, trust-anchor verification-page phishing, APT week UNC1151 APT36 TeamPCP Lazarus BitterAPT, Anubis and The Gentlemen ransomware · midnight navy with cyan amber emerald coral palette
0 21
Posted in Threat Intelligence

Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)

1,524 unique IOCs across 64 clusters. Extraordinary week: DOMAIN volume beat IP for the first time; 74% of records HIGH severity (usual baseline: 1-2%). 5 named APTs active (UNC1151, APT36, TeamPCP, Lazarus, BitterAPT) + CyberAv3ngers subnet anchor at 185.82.73.0/24. AsyncRAT surged to 200+ IOCs — largest RAT footprint YTD. TONResolver introduces novel blockchain-based C2 resolution. Trust-anchor phishing (Fake Google/Cloudflare verification pages, 54 IOCs, two subnet anchors). Anubis + The Gentlemen ransomware active. Steganographic ad malware (StegoAd) and AI-agent phishing surface as new attack patterns. Full ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, 4 production-ready Sigma rules.

HackForLab Weekly Threat Advisory · June 22-28 2026 · editorial bulletin cover · The State of the Threat · 54,820 observations · 87 clusters · 632 high-severity · 7 named APTs · 5 story cards: APT Week (Gamaredon Turla MustangPanda CL-STA-1062 Silent Lynx), DragonForce Full Kill Chain, Messaging Weaponised (WhatsApp VBScript Campaign), Supply Chain Surge (GhostShell Malicious npm Browser ad-blocker), New RAT on the Block (ModeloRAT)
0 24
Posted in Threat Intelligence

Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026

54,820 indicator observations across 87 adversary clusters this week. Four state-aligned APTs active in parallel (Gamaredon, Turla, MustangPanda, CL-STA-1062 + Silent Lynx + APT-C-35 + APT38). A ransomware operator rotated a full multi-pivot kill chain in 7 days (DragonForce). Direct-messaging platforms weaponised as initial-access surface (WhatsApp VBScript Campaign, 61 IOCs, tight 202.61.160.0/24 subnet anchor). Five concurrent supply-chain campaigns against the developer ecosystem (GhostShell, Miasma, Malicious npm Package, Operation FlutterBridge, Chrome ad-blocker extension cluster). A new RAT family arrived (ModeloRAT, 39 IOCs, full footprint). Full MITRE ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, four production-ready Sigma rules.

Practitioner reference cover · Indicators of Compromise and Threat Intelligence · 6 framework cards: Pyramid of Pain, IOC Standards (STIX TAXII OpenIOC MISP), Pivoting Tradecraft (passive DNS WHOIS JARM JA4 cert), Diamond Model, TI Lifecycle + F3EAD, Detection Engineering (Sigma YARA ATT&CK Navigator SOAR) · framework chip strip: Pyramid of Pain · Diamond Model · Kill Chain · ATT&CK · STIX TAXII · Sigma YARA · F3EAD
0 24
Posted in General

Indicators of Compromise and Threat Intelligence: A Practitioner Reference

A working analyst reference. 20 sections covering the Pyramid of Pain, the atomic / computed / behavioural indicator taxonomy, the four IOC domains with field-level detail, pivoting tradecraft (passive DNS, WHOIS, JA3/JA4/JARM, TLS SAN, ASN), the standards (STIX 2.1, TAXII 2.1, OpenIOC, MISP), detection content (Sigma + YARA), IOC vs IOA vs TTP, the four TI tiers with producer-consumer contracts, the six-phase lifecycle with F3EAD overlay, intelligence requirements (PIR/SIR/KIT/KIQ), the Diamond Model of Intrusion Analysis, the Cyber Kill Chain mapped to MITRE ATT&CK, the Admiralty source reliability code, Traffic Light Protocol 2.0, the Hunting Maturity Model, detection-engineering pipelines, SOAR integration patterns, KPIs (MTTD / MTTR / dwell time / coverage / hit rate), and the practitioner reference stack. Vendor-neutral. Twelve practitioner FAQs.

HACKFORLAB Weekly Threat Advisory · June 15-21, 2026 · 55,480 indicator observations across 89 adversary clusters · radar showing intelligence graph with multi-pivot locked cluster · Rhysida-Interlock 219 IOCs, ClickFix 215 IOCs, JetBrains plugin supply chain attack, AI platform abuse, APT37 and UNC6508 active
0 29
Posted in Threat Intelligence

Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026

55,480 indicator observations across 89 adversary clusters this week. A ransomware operator rotated a full multi-pivot kill chain (Rhysida-Interlock, 219 indicators across 4 IOC types). Developer supply chain became this week’s preferred attack surface (15 typosquat code-editor plugins + 8 browser extensions + 6 marketing-CDN typosquats). AI platforms began appearing as adversary infrastructure (19 chat-share redirector domains + 39-indicator AI-generated lure campaign). Full MITRE ATT&CK mapping per cluster, subnet-clustering signals, top 15 IOCs per indicator type, and 4 production-ready Sigma rules.