Online and at conferences, people ask me how to get started in threat intel. What I usually offer as advice to budding analysts starting out is to practise analysing things in the wild. And by 'analysing things in the wild' I mean looking for live reports of cybercriminal activity by others online. One of my favourite examples is SMS phishing text messages, also called Smishing scams.Source: Investigating SMS phishing text messages from scratch
// Related reporting
Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials
A credential theft operation uses lookalike VPN download sites and GitHub-hosted ZIPs to drop signed malware that harvests VPN logins and configuration data.
BadPaw and MeowMeow: steganographic .NET malware hits Ukrainian targets
A ClearSky report details a new loader and backdoor pair, and Scythe shows how to operationalise it as continuous adversary emulation.