Ivanti EPMM ‘Sleeper Shells’ not so sleepy?

In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) was published. Shortly after, reports (for example by Tenable) mentioned publicly available proof-of-concept exploits. On 9 February 2026, Defused published a blog post mentioning a specific webshell being deployed on EPMM devices via this …

What Did the Attacker Read? MailItemAccessed Tells You

The Growing Threat of BEC. Business Email Compromise (BEC) is a growing threat vector that often results in significant financial and reputational damage. Typically, BEC attacks aim to commit fraud, steal data, or compromise supply chains. A common characteristic of these attacks is gaining access to the victim's emails, often going hand in hand with the …

Tracking historical IP assignments with Defender for Endpoint logs

A new incident comes in. The CEO's laptop shows possible Cobalt Strike activity. Your host investigation shows that the attacker likely gained privileged access to her host and that the initial activity is from two days ago. You contain the host in your EDR agent. But now you must determine whether the attacker moved laterally inside …

From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements


What is this blog post about? This blog post is about why incident responder artifacts play a role not only on the defensive but also on the offensive side of cyber security. We are going to look at some of the commonly collected evidence and how it can be valuable to us as red team operators. We will …