I am Derrick (Ching Yiu) So, a Cybersecurity Red Team analyst. This is my website for my blogs which mainly include CTF writeups. I’m also planning to add writeups about my learning on reverse engineering related topics.

Others

File Services Abuse Matrix

Link

This is a simple spreadsheet on third party file or email services that can be considered druing a Red Team engagement. Threat actors commonly abuse the reputation of these services to bypass security email controls and send out phishing emails. Some of the services listed were actually abused by threat actors in the wild, and I’ve personally used some of these during my past Red Team engagements which indeed delivers our payload to the user’s inbox.

While this spreadsheet is intended for Red Team engagements, it is also beneficial for Blue Teams to understand what services are commonly abused. As the world is constantly changing, I try my best to keep this spreadsheet updated to reflect any lastest trend of third party service abuse.

Cyber Security Notes

(Work in progress) Cyber Security Notes