~/packetpursuit $ tail -f ./blog/feed.log
Organic writeups, analysis, and research — straight from the lab.
2024-12-15
Walkthrough of capturing a Rondodox/Mirai IoT botnet variant in our T-Pot deployment, extracting the binary, and performing static analysis in Ghidra to map C2 infrastructure.
2024-11-28
How I connected MISP, OpenCTI, and ELK Stack into a unified threat intelligence pipeline — from raw honeypot data to actionable indicators shared via STIX/TAXII.
2024-10-10
Breakdown of the Kinsing crypto miner infection chain captured in the lab — from initial exploit to persistence mechanisms and network indicators.
2024-09-20
Latest iteration of the home lab network architecture — VLANs, firewall rules, and isolated zones for safe malware detonation and red team exercises.
Automated threat intel updates — feed refreshes every 2-5 days.
2024-12-18
Critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway. Active exploitation confirmed. CVSS 10.0.
2024-12-14
CISA advisory warns of renewed APT29 activity targeting U.S. energy infrastructure with sophisticated spear-phishing lures impersonating regulatory bodies.
2024-12-10
CVE-2024-21887 authentication bypass in Ivanti Connect Secure being actively exploited in the wild. Chained with SSRF for remote code execution.
2024-12-05
Updated Kinsing variant scanning for exposed Docker API endpoints. Deploys XMRig miner and establishes persistence via cron jobs and rootkit modules.