Another infosec enthusiast blog

Latest from the Blog

A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant

Executive Summary APT31 has long been known to use Operational Relay Boxes (ORBs) and to compromise routers. This report examines in detail their only publicly known router implant, dubbed “SoWaT”. The implant is capable of functioning as a RAT, a tunnel and a proxy. Extensive verification and double-encryption procedures signal a TA trying to evade even the most capable defender. The implant’s…

Uncovering Tetris – a Full Surveillance Kit Running in your Browser

Executive Summary A Chinese state-sponsored threat actor is targeting Chinese-speaking opposition through waterholed websites. The campaign uses a modular and custom JS surveillance framework, dubbed “Tetris”, implementing a wide range of browser features. Almost all of Tetris’ components have zero AV detections. Tetris exploits vulnerabilities in 58 widely used websites, including Aliexpress, Baidu, QQ and Tmall. Three…