Breach Log - Every hack has a story to tell

Ep5: Revealing Rootkits

How do you know if your computer has been infected? In many cases there's a number of signs, but when it comes to a Rootkit unless you know where to look you may miss it. This episode covers 4 stories where Jai was involved in identifying and / or removing a unique rootkit from a system. Further Reading: * Google⁠⁠ [https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations] * CrowdStrike⁠⁠⁠ [https://www.crowdstrike.com/en-us/blog/spicy-hot-pot-rootkit-explained/⁠] * ⁠⁠GenDigital (Previously Avast)⁠⁠ [⁠https://www.gendigital.com/blog/insights/research/dirtymoe-introduction-and-general-overview-of-modularized-malware⁠] * ⁠⁠GenDigital 2 (Previously Avast)⁠⁠ [⁠https://www.gendigital.com/blog/insights/research/dirtymoe-rootkit-driver⁠] * ⁠⁠Trend Micro⁠⁠ [⁠https://www.trendmicro.com/en_us/research/21/j/purplefox-adds-new-backdoor-that-uses-websockets.html⁠] * ⁠⁠Checkpoint⁠⁠ [⁠https://research.checkpoint.com/2025/cracking-valleyrat-from-builder-secrets-to-kernel-rootkits/⁠] * ⁠⁠Asec Ahnlab⁠⁠ [https://asec.ahnlab.com/en/57185/⁠ ] -------- Credits: Music by various artists from Pixabay [https://pixabay.com/music/]

Ep4: Think Twice Before You Fix It with Cameron

What happens when a critical alert comes in on a system at 2am? Follow along with Cameron's story to find out more. Want to get technical? Read some public reporting: * Microsoft [https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/] * Trend Micro [https://www.trendmicro.com/en_us/research/26/c/kongtuke-clickfix-abuse-of-compromised-wordpress-sites.html] * Huntress [https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke] * Push Security [https://pushsecurity.com/blog/consentfix] * IDAT Loader YouTube 1 [https://youtu.be/0PzVv98s8-g?si=c1DPFwJf0xxsw3Jo] * IDAT Loader YouTube 2 [https://youtu.be/UA6MqCPTQAA?si=X_qn2Z6EsGJvxCEU] --------- Credits: Music by various artists from ⁠⁠⁠Pixabay [https://pixabay.com/music]

Ep3: Care to Exchange 0-days

What happens when a leak leads to a global cyber attack? What about when it's against systems with some of the most sensitive data in your organisation? Follow along as we recount the events detecting, responding, and investigating 0-day vulnerabilities being exploited in the wild. This story comes from the host of the show, Jai Minton [https://www.jaiminton.com/] Want to get technical? Read some public reporting: * ⁠Volexity [https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/] * CrowdStrike [https://www.crowdstrike.com/en-us/blog/falcon-complete-stops-microsoft-exchange-server-zero-day-exploits/] * Microsoft [https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/] * Penn Elcom (Parcel Study) [https://media.penn-elcom.com/pdf/PE_Global_Report_web_compressed.pdf] * CISA [https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities-closed ] * Microsoft again [https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/] --------- Credits: Music by various artists from ⁠⁠Pixabay [https://pixabay.com/music]

Ep2: The Unseen Impact of Ad Fraud with Max

You download, install, and run some software, and you get what you asked for, only with a little something extra. How can you tell whether the something extra is purely for ad fraud, or for something more sinister? This story comes from Max Margolis⁠ [https://www.linkedin.com/in/margolism/]. Do you have a story you'd like to share? Get in touch: breachlogpodcast [@] gmail.com Want to get technical? Read some public reporting: * Trend Micro [https://www.trendmicro.com/en_us/research/20/d/exposing-modular-adware-how-dealply-iserik-and-managex-persist-in-systems.html] * Fortinet [https://www.fortinet.com/blog/threat-research/dealply-revisited-leveraging-reputation-services-to-remain-under-the-radar] * BitDefender [https://www.bitdefender.com/files/News/CaseStudies/study/284/Bitdefender-WhitePaper-Erik-CREA3910-en-EN-GenericUse.pdf] * CATO Networks [https://www.catonetworks.com/blog/the-dga-algorithm-used-by-dealply-and-bujo/] * Bleeping Computer [https://www.bleepingcomputer.com/news/security/dealply-adware-abuses-microsoft-smartscreen-to-boost-av-evasion/] --------- Credits: Music by various artists from ⁠Pixabay [https://pixabay.com/music]

Ep1: The Vampire RAT

It's all fun and games until a researcher identifies a backdoor with ransomware capability, global victims, and hacked systems all around the world. Now if only someone would listen. This story comes from the host of the show, Jai Minton [https://www.jaiminton.com/]. Want to get technical? Read the Reverse Engineering write-up here [https://www.jaiminton.com/reverse-engineering/strrat] Do you have a story you'd like to share? Get in touch: breachlogpodcast [@] gmail.com --------- Credits: Music from Uppbeat: * Alert [https://uppbeat.io/t/anuch/alert] * Cold Fire [https://uppbeat.io/t/neozoic/cold-fire] * Distance [https://uppbeat.io/t/hartzmann/distance] Music and SFX [https://pixabay.com/sound-effects/] by various artists from Pixabay [https://pixabay.com/music]