AI in Security Systems

From RAGs to Riches: Using LLMs and RAGs to Enhance Your…

1.1 Introduction: In this blog, I will explore Retrieval-Augmented Generation (RAG) and how it can be applied to research capabilities. RAG is a framework that integrates retrieval-based models with generative AI to provide accurate and context-aware responses by storing and retrieving snippets of relevant information prior to prompting. 1.2 LLMs and RAG: Before jumping into the …

The Hidden Trap in the PCI DSS SAQ A Changes

The Payment Card Industry Security Standards Council (PCI SSC) just announced a change to Self Assessment Questionnaire A (SAQ A). The change eliminates two (2) requirements relevant to eCommerce sites, 6.4.3 and 11.6.1, that are designed to prevent and detect tampering with payment page scripts. While this appears to make compliance easier, and SAQ A …

TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base

Analysis cut-off date: January 7, 2025. Executive Summary: Insikt Group has identified multi-layered infrastructure linked to a traffic distribution system (TDS) tracked by Recorded Future as TAG-124, which overlaps with threat activity clusters known as LandUpdate808, 404TDS, KongTuke, and Chaya_002. TAG-124 comprises a network of compromised WordPress sites, actor-controlled payload servers, a central server, a …

2024 Annual Report

Explore our 2024 Threat Analysis and 2025 Predictions. In 2024, two key trends defined the cybersecurity landscape: the resilience of cybercriminal networks despite law enforcement actions and the growing complexity of enterprise attack surfaces. In addition, state-sponsored threat actors, primarily linked to China and Russia, intensified their focus on critical infrastructure and leveraged generative AI …

Operating Inside the Interpreted: Offensive Python

Introduction: Every once in a while, I get the urge to go back and revisit older techniques that used to be popular but have fallen out of favor with the offensive community. Things like Office Macros, PowerShell, and custom shellcode loaders used to be incredibly effective but are now deemed “burned” by many industry colleagues …

Kiosk/POS Breakout Keys in Windows

There is an old axiom that goes something like “If an enemy has physical access to your box, it is no longer your box”. With enough time, and barring well-implemented cryptography, someone will get to the data on the system eventually. This axiom definitely applies to public kiosks and in some cases point of sale …

Command Line Underdog: WMIC in Action

My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I did. For me, it was a great refresher on typical things to do after you have escaped the intended application and want to get more code execution. For …

Unveiling Russian Surveillance Tech Expansion in Central Asia and Latin America

Summary: Several countries in Central Asia and Latin America base their digital surveillance capabilities on Russia’s System for Operative Investigative Activities (SORM), indicating that Russian surveillance technology has proliferated in Russia’s near abroad and among its allies. Insikt Group identified evidence of at least eight SORM providers exporting to these regions, with at least fifteen …

Solving NIST Password Complexities: Guidance From a GRC…

Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness guru, I can attest that password security and complexity requirement discussions occur frequently during National Institute of Standards and Technology (NIST) assessments. Access Control is typically a top finding in most organizations, …

Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation

From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access. The group likely operates from …