November 13, 2022

TSD #015: Playing God without permission.

Hello friend 👋

I hope you are all healthy and happy. I have had a great week. A busy one, but a good one. I'm steadily nearing the end of SWITCHFIRE v2 production. Just the last module to shoot and then some final edits and we are good to go! It's a great upgrade to the course and I'll let you know here when it's ready. I'm also ramping up production quality on my YouTube videos as I learn new skills and get new tools to make life easier.

First up this week...


The highlight of my week was reading Group-IB's new report, "OPERA1ER. Playing God without permission." If you don't know, Group-IB is a Singapore-headquartered cyber security company that does all the things you'd expect of a cyber security company, including awesome reports like this one:

This report concerns a French-speaking threat actor relying solely on known “off-the-shelf” tools to steal millions from financial service and telecommunications companies. In total, they managed to carry out at least 30 successful attacks between 2019 and 2021; total losses are anywhere between $11-$30 million USD. Although African banks were the most common victims, campaigns were also observed in other industry verticals in different geographic regions.

It's a great report and awesome insight into the world of Cyber Threat Intelligence; something I live and breathe almost every day.

Click here to read it - it's not short and you'll need to fill out a form, but I'm sure you can figure that part out. It's worth it!

Europol arrests LockBit operator

Europol arrested a LockBit ransomware operator in Canada this week. Mikhail Vasiliev is a dual Russian and Canadian national from Bradford, Ontario, Canada and LockBit is the number 1 ransomware operation these days. They usually hit anywhere between 50-150 companies per month across the globe. You can read more from The US Department of Justice here. If you'd like to learn more about the actual LockBit ransomware, you can read this blog from Kaspersky.

Until next week,

Gary ✌️

Fun Things This Week

📽 My New Video

Do THIS After Running Nmap!: If you've just run an Nmap scan, and found a load of services, but don't know what to do next...this is the one thing you should definitely try!


I bought the Elgato Flex Arm (Large) and the Multi Mount (Large) to combine and get some useful overhead shots for my videos. Keep your eye out for some top-down B-roll footage down the line! I love Elgato's gear, it's solid, clever, and not expensive. I recommend you buy them from Amazon, I'd have saved 40% on the Multi Mount if I had!

👾 Cool Tools

Threatest is a Go framework for testing threat detection end-to-end. It allows you to detonate an attack technique, and verify that the alert you expect was generated in your favourite security platform.

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server.

If you've written a tool and you'd like me to see it, just drop me an email!

P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️

More Articles
Subscribe to The Sunday Download

Receive weekly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.