Blog - You'll log

You’ll Log 

Logging around the Christmas week Unless you have been attending too many Christmas lunches, dinners, drinks parties (like our fantastic ‘Friends Of Tiberium’ new office opening event), you will have seen the news that yet another piece of open source code running on Unix servers has been discovered to contain a critical bug which ‘could … Read more

Blog - The Number of The Beast

The Number Of The Beast

777 cyber incidents supported by the UK NCSC in the past 12 months  Last week the UK National Cyber Security Centre (NCSC- part of GCHQ) released its annual review and very interesting reading it makes.  With every passing year, the ‘hands on’ services of the NCSC increasingly support both the public and private sectors, announcing that this … Read more

Blog - Pegasus


No Hippo-cracy evident in WhatsApp versus NSO court case  We have all heard about the infamous Israeli cyber security software company NSO group whose most infamous work is the mobile device spying software Pegasus.  According to NSO, Pegasus software is allegedly only sold to “licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime,”. … Read more

Blog - Diamond Life - Smooth Operator

Diamond Life – Smooth Operator

Diamonds are a geek’s best friend You will no doubt have heard about the Russian ransomware gang called Conti (or something like that) which has spent the last year ransoming critical national infrastructure and national health services including the Irish Health and Safety Executive (HSE).  Following a meeting between POTUS Biden and Vlad, where it is reported that … Read more

Classifying domains through string entropy

Chapter 2: Classifying domains through string entropy

Introduction  This is the second blog in the ‘Classifying Malicious Domains’ series, which aims to give insight into how to we at Tiberium use our knowledge of attacker’s techniques, tactics, and procedures to detect attacks before they occur.  Today we’re going to talk about ‘dodgy’ looking domains – that is a domain that looks more like a plate of alphabet soup than a bona fide website.   An early tl;dr  … Read more

Chain Gang

Chain Gang

Microsoft has identified (more) Nation-State supply chain attacks  We all know about supply chain attacks, the most recent example being the Solarwinds/FireEye debacle in which parties third, outed as the Russian state-sponsored APT-29 group (also called Nobelium) by none other than the FBI and associated American Government departments (they have so many, it’s too confusing).  The long and short of these … Read more

Chapter 1 - Classifying Malicious Domains

Chapter 1: Classifying domains using RDAP

Using TTP-based intel to classify malicious domains  Introduction  This blog series will show how Tiberium harnesses intel around attackers’ tactics, techniques, and procedures to classify malicious domains as part of our FROST and MYTHIC 24/7 MSSP services.  Preventative security is cool. Having the ability to think several moves ahead of an attacker, identifying their presence while they still think they are invisible, and manning the barricades … Read more

Back Once Again header

Back Once Again

Those of you who have read more than one of these missives (thank you, thank you) may have noticed our fascination with the activities of the REvil ransomware group.  For those not up to speed, here is a REvil primer.  REvil (Ransomware Evil, see what they did there) is a Russian speaking cybercriminal gang that, as the name suggests, focus on encrypting, … Read more

Elastic fantastic

Elastic Fantastic

This week, Indonesia has had more than a few serious issues with its Cyber security.  After a month or so of communications and rectification, the Indonesian Government came clean, admitting that up to 13 Million records of travellers had been exposed to the public internet due to a poorly, or not at all, secured Elastic database, internet-facing, whoops.  The data exposed … Read more