Blog Posts

Internal Blog

Blog posts hosted on jaiminton.com including original research and findings. This section is more likely to contain original thought pieces rather than technical write-ups.

Read

Employing FeatureUsage for Windows 10 Taskbar Forensics

Research into a registry artifact known as ‘FeatureUsage’ and how it can be used in digital forensics investigations.

Read (External)

Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit

Investigation into a persistent browser hijacking rootkit known as ‘Spicy Hot Pot’.

Read (External)

Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits

Analysis of a 0-day vulnerability causing mass exploitation of Microsoft Exchange servers.

Read (External)

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Analysis of an empty SFX archive with hidden functionality to allow it to be used as a backdoor.

Read (External)

Detection Guidance for ConnectWise CVE-2024-1709

How to detect exploitation of ConnectWise CVE-2024-1709.

Read (External)

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

Finding an APT which had been present in an environment for years and analysing their malware.

Read (External)

Oh No Cleo! Cleo Software Actively Being Exploited in the Wild

Investigation into a 0-day present in Cleo software that was actively being exploited in the wild.

Read (External)

Oh No Cleo! Malichus Implant Malware Analysis

Deep dive investigation into an implant targeting Cleo software which we named ‘Malichus’.

Read (External)

Rapid Response: Samsung MagicINFO 9 Server Flaw

Analysis of a 0-day exploited in the wild on Samsung digital sign content management software wrongly attributed to CVE-2024-7399 (which later was designated CVE-2025-4632).

Read (External)