David Kasabji

Principal Threat Intelligence Engineer

David Kasabji is a Principal Threat Intelligence Engineer at the Conscia Group. His main responsibility is to deliver relevant Threat Intel in different formats to specific audiences, ranging from Conscia’s own cyberdefense, all the way to the public media platforms. His work includes analyzing and engineering Threat Intel from various data sources, reverse engineering obtained malware samples, crafting TTPs based on acquired information, and publishing R&D content.

Content by this profile

Blog

The Stealthy Cyber Threat: Abuse of GitHub for Malicious Purposes

In the evolving landscape of cybersecurity threats, GitHub, a popular collaborative coding and version control platform, has emerged as a new frontier for cybercriminals and...
Blog

Understanding the Risks of Unprompted One-Time Passcodes in Cybersecurity

In the dynamic world of cybersecurity, understanding the implications of receiving an unprompted one-time passcode (OTP) is crucial. This occurrence often signals a significant security threat: the...
Blog

How Cybercriminals Exploit Legitimate Internet Services for Malicious Purposes

Cybercriminals increasingly manipulate reputable platforms such as Google Drive, OneDrive, Notion, and GitHub to camouflage their malicious activities within regular web traffic. This tactic not...
Blog

New Critical Vulnerability in Cisco IOS XE Software Poses Cybersecurity Concerns

CVE-2023-20198 vulnerability affects physical and virtual devices running Cisco IOS XE software with the HTTP or HTTPS Server feature enabled.
Blog

Enumeration Attacks: A Deep Dive into Threat Actors Generating Valid Payment Data

Enumeration attacks, especially banking identification number (BIN) generation attacks, enable threat actors to produce and validate payment card numbers. These attacks, while not new, are high-effort and...
Blog

Adversary-In-The-Middle Attack (AiTM): A novel way to evade MFA

In the vast realm of cyber threats, a relatively newer but impactful method has emerged: Adversary In the Middle (AiTM) attacks. AiTM attacks have recently...
Blog

Understanding Vulnerability Lifecycle to Better Combat Exploits

If you care about cybersecurity, you surely have heard the term ‘software vulnerability.’ But it can quickly happen that sometimes we take this term for...
Blog

CL0P Group – Analysis of Europe’s rising ransomware threat

If you were following trends in the cyber threat landscape for the past few months, or actually the entire year, you undoubtedly recall that there...
Blog

A look into Living off the Land adversarial technique

Recently, you may have noticed several cybersecurity news sites citing Microsoft’s article on Flax Typhoon’s (threat actors) stealthiness while performing their cyber intrusions. While reading through the...
Blog

How could AI simplify malware attacks, and why is this worrying?

AI can simplify malware attacks, lowering costs, giving cybercriminals an advantage over insufficiently secured targets.
Blog

Digital Forensics: Discovering Threat Actor’s traces using Recycle Bin

Criminals don't like to leave traces. In the cyber world, that means deleting their malicious software from your environment after the attack or infiltration. This...
Blog

Season’s Greetings from Cybercriminals

Cybercrime is on the rise during the holiday season. Cybercriminals take advantage of Black Friday, Cyber Monday, and similar to scam individuals. What can companies...
Blog

Phishing as a Service (PHaaS) – an Effective Attack Vector for All Threat Actors

Phishing has professionalized. It is literally available to criminals in an »as a service« model, and the most effective examples are extremely convincing. And therefore...
Blog

New 0-day vulnerabilities in Microsoft Exchange Server actively exploited

Two reported 0-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019 (on-prem), tracked as CVE-2022-41040 and CVE-2022-41082, are being actively exploited in the wild...
Blog

Insider Threats: What are they and how to mitigate them

Organizations' own personnel pose one of the biggest threats to their security. Read the article to learn how to mitigate Insider Threats.
Blog

How to detect Malware Persistency (part 1)

Malware persistency is a mechanism adversaries use to ensure foothold in a breached environment. Read the article to learn how to detect it.
Blog

Diving Deep: Malware Injection Techniques

This is the first entry in the Malware Injection Techniques article series that we will be writing about. The ultimate goal of any malicious...
Whitepaper

Dissecting Russian State-sponsored Threat Actors

Who are the Russian-state sponsored hackers that fight in cyber-war in Ukraine, what techniques are they using and how (if) you should prepare your cyber-defenses...
Blog

How to detect Typosquatting?

Typosquatting is a type of social engineering attack, where a threat actor registers domains with deliberately misspelled names of known brands or websites and hosts...
Blog

How to detect Follina the Windows MSDT 0-day

Microsoft confirmed a security vulnerability tracked as CVE-2022-30190 and released it on their MSRC portal on May 30th, 2022. The vulnerability allows for a remote code execution...
Whitepaper

What you need to know about the increased Digital Risks following the cyber-attacks on Ukraine

Amidst the ongoing warfare, we were able to track the development of new dedicated and tailored malware (HermeticWiper and Whisper Gate) on the dark web...