Thirdeye Intelligence

If cyber threats had a most-wanted list, Chip would be the detective cracking the case! My blog dives deep into the world of cyber intelligence, unraveling attacks, trends, and security tactics with a mix of wit and wisdom. Whether you’re a seasoned pro or just cyber-curious, expect insights that pack a punch—no fluff, just the good stuff!

Bob and Chip Talks Cyber Comics
The 5W Wire
LinkedIn

  • Threat Hunting and Pyramid of Pain

    The buzz word first came in 2014 and individuals who were actually performing activities such as hunting for adversaries within network interested in Threat Hunting agreed with it on all aspects. During Threat Hunting and/or intelligence gathering or incident response we are mostly concentrating on identifying indicators of compromise and… Read More ⇢

  • Phishing SMS – A failed attempt

    Just about an hour ago I received an text from one of my mentors. Excited, I read but I know him very well and knew it wasn’t him. The phishing text : It’s possible to do 10 k in 10 day. hxxp://www.prosperity-today.com I texted him directly with a new message… Read More ⇢

  • YARA rule for Dridex

    Have been learning YARA from few days and below is my first YARA rule for a IOCs collected while analysing a word document. Analysis concluded with presence of Dridex malware. rule dridex : dridex { meta: description = “Dridex Malware Indicators” author = “Kunal Makwana” date = “2016/04/03” thread_level =… Read More ⇢

  • List of IOCs collected so far

    Hunters, This post is to share indicators of compromise that I collected so far for analysis and investigation that I have been doing. Most of the them are collected from other websites as json, MISP exports etc. Normally I update that back to csirtg.io/users/makflwana but I just wanted to share… Read More ⇢

  • A javascript file – Invoice from UK

    It’s been quite a while I was able to analyse my spam emails. Recently, I received an email with a zip attachment claiming to be an invoice. Screenshot of the email below. Email Analysis : sender : Woodard.52@sunshine-yorkshire.co.uk IP – extracted from the header : 130.204.206.58 – 602ad0ccae26.softphone.blizoo.bg – Blugaria Sender… Read More ⇢

  • The Vendor, The MSSPs and The Consultant

    I have been waiting for quite a while to write something about my experience with vendors, MSSPs and consultants. This is my own opinion and is not targeting any specific entity. I have worked with multiple vendors, MSSPs and consultants and what I have always noticed is, the “OUR” attitude.… Read More ⇢

  • CIF – Ransomware Tracker abuse.ch feeds

    Good Day guys!!!!!. Just finished another yml script to collect feeds from abuse.ch for Ransomware (ransomware tracker) and has been uploaded on my github account. Threat feeds is provided in CSV format and therefore CSV parser have been used. YML script is available on my github account – https://github.com/makflwana/CIF-Threat-Feeds-and-parsers Happy Hunting!!!!!!! Read More ⇢

  • CIF – Feodotracker threat feeds

    Good Day guys!!!!!. Was able to write another yml script to collect feeds from Feodotracker and has been uploaded on my github account and also a project that I am honoured to work on with CSIRT (with guidance of Wes Young) – BEARDED AVENGER. This is a new version of… Read More ⇢

  • CIF – cleanmx threat feeds

    Good Day today indeed. Have finally got some time to work on my skills for CIF and writing configuration (YAML scripts) to fetch open source threat feeds. Started with a disabled configuration (/etc/cif/rules/disabled/cleanmx.cfg) for cleanmx. The cleanmx.cfg file provided should be referenced for the remote sites and id for cleanmx, that… Read More ⇢