my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #persistence

Russian Hackers Are Going Back to Old Victims to Check If the Door's Still Open

John Z Black Apr 4, 2026

Threat Intelligence #russia #apt28 #fancy-bear #void-blizzard #cert-ua #ukraine #persistence #social-engineering

CERT-UA warns APT28 and Void Blizzard are revisiting old compromises, testing dormant access, and calling targets directly in fluent Ukrainian. Incident response has an expiration date. Attackers don't.

Read More

Delete This Web Shell and It Grows Back. Thanks, Cron.

John Z Black Apr 4, 2026

Threat Intelligence #webshell #php #cookie-c2 #linux #persistence #microsoft-defender

Microsoft found PHP web shells that take commands through cookies instead of URLs. Delete them and a cron job rebuilds them. Your WAF probably can't see any of it.

Read More