Meta Account Takeover: The ig.me Phishing Technique
On 24 March 2025, a targeted phishing attack compromised a user’s Meta accounts, leveraging Instagram’s “ig.me” link shortener to steal accounts and gain unauthorised access. The incident exposed the complications of Meta’s account system and again reinforces the need for multi-factor authentication (MFA). This is a brief (hopefully) look at how the attack unfolded, why it still works, and what we can learn from it. ...
Sleep Data Tracking: 10-Week Follow-Up
Back in January, I kicked off an experiment to track my sleep with my Apple Watch Series 10, hoping to improve my rest and boost my deep sleep - the stage that is supposed to leave you feeling rejuvenated. My first night’s data (6 hours 52 minutes, 24.76% REM, 64.32% core, 8.74% deep, 2.18% awake) set the baseline, and I planned to check my progress after three months. Battery issues cut my tracking short at 10 weeks, but the data still revealed patterns I never would’ve noticed otherwise. Here’s what I learned about my sleep quality, how illness threw a curveball, and what the Apple Watch experience taught me. ...
Hack The Box: Starting Point (Meow) - Beating Your First Box!
Welcome to the first post in my Hack The Box Starting Point series! This series will cover the beginner-friendly machines in Hack The Box’s Starting Point track, designed to help newcomers learn the basics of penetration testing. Today, we’re tackling Meow, a straightforward machine that introduces key concepts like VPN connections, port scanning, and basic service enumeration. This walkthrough covers everything from setting up your hacking environment to finding your first ever flag! ...
RE2 in Kusto: The Regular Expression Cheat Sheet
If you work with Kusto (Azure Data Explorer), you’re inevitably going to find yourself needing regular expressions. As someone who writes Kusto queries daily in security operations, I’ve developed a love-hate relationship with RE2 regex in KQL. It’s so powerful, but can be difficult to get your head around. This is my personal cheat sheet that I refer to, and I hope it saves you some time too. ...
Analysing a Malware Sample on ANY.RUN
This guide provides step-by-step instructions on how to analyse a malware sample on ANY.RUN. By following these steps, users can navigate the platform, search for existing malware samples, view connections and network traffic, collect IOCs, and gather more information about the threat. Navigate to ANY.RUN: Go to ANY.RUN. Public Tasks: Click “Public tasks” to view the public directory and submissions from the community. Filter by Tag, Hash, or IOCs: Click here to filter by tag, hash, or other IOCs. This method allows us to quickly analyse existing malware samples instead of setting up our own sandbox. ...
Sleep Data Tracking
Analysing My First Night of Sleep with Apple Watch. I recently decided to track my sleep using my Apple Watch (Series 10) because I thought it would be interesting. I plan to compare this data to my average sleep health in 3 months to see any progress. Here’s a breakdown of my sleep stages and a comparison to optimal sleep ratios. My Sleep Data: Time Slept: 01:09 AM - 08:01 AM; Total Sleep Time: 6 hours 52 minutes. Breakdown: REM Sleep: 1 hour 42 minutes (24.76%); Core Sleep (Light Sleep): 4 hours 25 minutes (64.32%); Deep Sleep: 36 minutes (8.74%); Awake: 9 minutes (2.18%). Optimal Sleep Ratios: REM Sleep: 20-25%; Core Sleep (Light Sleep): 50-60%; Deep Sleep: 15-20%; Awake: Less than 10%. Observations: REM Sleep: My REM sleep ratio is within the optimal range. REM sleep is when dreaming happens, and it’s important for memory and learning, so that’s a plus. Core Sleep (Light Sleep): My core sleep ratio is a bit on the high side. Light sleep is necessary for body maintenance, but having too much might mean I’m missing out on deeper, more restorative sleep. Deep Sleep: My deep sleep ratio is below the optimal range. Deep sleep is the most restorative phase, crucial for physical restoration. I’d like to get more of this to feel more refreshed. Awake: My awake time is minimal and well within the optimal range, so it seems like my sleep was quite undisturbed, which is good. While last night’s sleep didn’t feel amazing, I think taking averages over the course of three months will give a more accurate picture of my sleep health. Plus, I’ve already started actively making some changes, like actively avoiding YouTube on my phone before bed. Keeping consistent and tracking my sleep will hopefully show some progress and help me get better rest over time. It’s going to be interesting to see the results in a few months’ time. ...
Bash Scripting Cheat Sheet: A Practical Guide
I found myself doing the same tasks over and over again at work, and decided it was time to properly learn some bash scripting. Here’s my personal cheat sheet with the commands and patterns I actually use. The Basics: Variables and Output. The building blocks of any script start with variables and displaying information. Nothing fancy, but you’ll use these constantly. Defining a Variable: name="Lewis". Pro tip: Bash is extremely picky about spaces. name = "Lewis" will break your script! ...
Kusto Query Hints and Strategies
When you’re working with a large volume of log data, query performance becomes more important. If you’ve ever stared at a loading screen while your Kusto query slowly runs in the background, this post is for you. Alternatively, if you grab a cup of tea while your query is running, you’re probably okay to not bother reading this. However, these are some performance hints I actually use (sometimes), not just theoretical optimisations. ...
Kusto Detective Agency - Season 1 Walkthrough
Walkthrough of answers for Kusto Detective Agency Season 1. Welcome to the Kusto Detective Agency! This blog post provides a walkthrough for the Season 1 challenges, with the Kusto query answers hidden in collapsible sections so you can try to solve the challenges yourself first. Hints: If you get stuck, remember to refer to the hints in this answer sheet and in Kusto Detective Agency before checking the answers! ...
Phobos Ransomware Impersonating Vx-Underground
Phobos ransomware has previously been observed impersonating the well-known malware research community Vx-Underground. Initial access methods for Phobos are varied, but it is known for exploiting software vulnerabilities, launching phishing campaigns to spread malicious payloads, and accessing hosts through external services, for example by brute forcing RDP. Despite its significant operational impact, with Phobos accounting for a notable 4% of all submissions to the ID Ransomware service in 2023, it hasn’t achieved the notoriety of other Ransomware-as-a-Service (RaaS) operations like Lockbit or REvil. This discrepancy points to the evolving and increasingly accessible nature of RaaS platforms, allowing less technically skilled attackers to launch ransomware campaigns. ...