Posts

Showing posts from February, 2026

TryHackMe - IronShade challenge (medium level)

Incident Scenario

There I was, seated with a Caffè Latte and a cold server dump, while my team successfully lured IronShade, one of the world's most renowned APT groups, into our honeypot using exposed SSH ports with weak credentials. Sure enough, they pounced like moths to a flame. The fun part would then be piecing every single one of their moves together, like some sort of Sherlock in cybersecurity. The mission? To investigate the compromised Linux server, find the attack footprints, and maybe poke a little fun at the audacity of the "subtle" moves of IronShade.

Lab Incident Hackers Get Too Cocky

According to the threat intel report, IronShade loves persistence; so do we all. They are supposed to have created backdoor accounts and cronjobs, and even installed their own shady services. Think of it as your very own malicious startup operating on your infrastructure. But enough chit-chat; let's dive in. Here is the juicy investigative breakdown.

Explanation - "Who Let the...