top of page


Weaponizing Windows Drivers: A Hacker's Guide for Beginners
In the never-ending cat-and-mouse game of cybersecurity, every advancement in defense inevitably drives attackers to evolve their...

Security Joes
25 minutes ago10 min read


Modern Incident Response: Tackling Malicious ML Artifacts
Machine learning model files (e.g. .pkl, .pt, .onnx, .pb) can serve as stealthy malware carriers. When a serialized model is the root cause of a breach, incident responders face unique challenges in detection, analysis, and attribution.

Security Joes
May 1212 min read


Gaps in Traditional DFIR Playbooks: Machine Learning Models
Incidents involving malicious ML models reveal significant weaknesses in standard Digital Forensics and Incident Response (DFIR)...

Security Joes
May 410 min read


Crowdstrike Global Outage: Effective Solutions To Mitigate The Impact
Crowdstrike outage

Security Joes
Jul 19, 20242 min read


Security's Achilles' Heel: Vulnerable Drivers on the Prowl
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...

Security Joes
Jul 15, 202414 min read


Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout
Our investigation has revealed an innovative approach that leverages executables commonly found in the trusted WinSxS folder and exploits...

Security Joes
Jan 1, 20248 min read


Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel

Security Joes
Nov 10, 20235 min read


BiBi-Linux: A New Wiper Dropped By Pro-Hamas Hacktivist Group
Security Joes Incident Response team volunteered to assist Israeli companies during the times of war between the state of Israel and the...

Security Joes
Oct 30, 20235 min read


New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....

Security Joes
Sep 4, 202318 min read


Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...

Security Joes
Jun 27, 202314 min read


Microsoft Patch Tuesday: Two Actively Exploited 0-Days & 9 Critical CVEs
Microsoft's latest Patch Tuesday rollout for March 2023 has included a staggering 80 security patches, with nine vulnerabilities being...

Security Joes
Mar 15, 20234 min read


Threat Alert: Silicon Valley Bank Crash Triggers Cybersecurity Risks
On Friday, Silicon Valley Bank, a prominent lender to the technology industry, collapsed, causing panic among its customers and...

Security Joes
Mar 12, 20234 min read


Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...

Security Joes
Feb 1, 202313 min read


Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...

Security Joes
Jan 2, 20238 min read


Open {Your} A{Eyes} - 2023 Predictions
Security Joes is a multi-layered incident response and MDR firm based out of Israel. It had been invited to investigate numerous...

Security Joes
Dec 11, 20224 min read


FBI, CISA say Cuba ransomware gang extorted $60M from victims this year
According to TechCrunch, "The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021...

Security Joes
Dec 2, 20221 min read


Dissecting PlugX To Extract Its Crown Jewels
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...

Security Joes
Sep 14, 20221 min read


Another European nation hit by hackers, Montenegro grapples with ongoing ransomware attack
According to Cyberscoop, "Multiple Montenegrin government websites remained inaccessible Friday, a week after government officials there...

Security Joes
Sep 2, 20221 min read


Iranian Hackers Still Exploiting Log4j Bugs Against Israel
According to BleepingComputer, "Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian...

Security Joes
Aug 26, 20221 min read


Backdoor Via XFF - Mysterious Threat Actor Under Radar
Our incident response team caught a strange-looking Webshell activity on a server that was running an internal web application. It raised...

Security Joes
Jun 15, 20221 min read
bottom of page