A highly targeted phishing campaign has been hitting hotel guests across Luxembourg. Originally flagged by the Computer Incident Response Center Luxembourg (CIRCL), this campaign stands out not because of advanced malware, but because of its impeccable contextual credibility . Threat actors aren't guessing targets; they are hitting actual hotel guests on WhatsApp with exact, legitimate booking details to steal credit card data. As part of a technical review into the infrastructure, we analyzed a recent Indicator of Compromise (IoC) linked to this campaign: [https://stay-hotel607923.com](https://stay-hotel607923.com) . Here is the deep dive into how this attack works, the infrastructure behind it, and how to track it. The Attack Workflow: Smishing with Context Most phishing campaigns rely on volume, hoping a small fraction of a massive email list bites. This campaign relies on precision. The Data Exposure: CIRCL assesses that the campaign's source data may originate from servi...
Let's build our own SOC using open-source tools such as Zeek, Sigma and OSQuery. Please note, this is a bit of a notes dump of how I set it up. It is not a step by step guide but you could pop this into an AI chat bot to get a step by step guide going for your systems. For quite some time now I have been concentrating on offensive security, malware analysis and reverse engineering. But let's flip the script and start to look at how to defend against all of the above and more. The SOC is the command hub of enterprise defense, it is where large amounts of data from endpoints, networks, application and cloud services are collected and analysed. A skilled SOC analyst balances technical fluency with adversary knowledge. First step - Determine our adversary framework First we need to understand our adversary framework so we get a head start on knowing how to build our detection platform. We will engineer our detection directly to the MITRE ATT&CK framework (https://attac...