Thought Pieces

Thought Pieces

This section contains original thought pieces rather than technical write-ups. It’s pieces are hosted entirely on jaiminton.com.

Read

Employing FeatureUsage for Windows 10 Taskbar Forensics

Employing FeatureUsage for Windows 10 Taskbar Forensics

Research into a registry artifact known as ‘FeatureUsage’ and how it can be used in digital forensics investigations.

Read (External)

Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit

Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit

Investigation into a persistent browser hijacking rootkit known as ‘Spicy Hot Pot’.

Read (External)

Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits

Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits

Analysis of a 0-day vulnerability causing mass exploitation of Microsoft Exchange servers.

Read (External)

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads

Analysis of an empty SFX archive with hidden functionality to allow it to be used as a backdoor.

Read (External)

Detection Guidance for ConnectWise CVE-2024-1709

Detection Guidance for ConnectWise CVE-2024-1709

How to detect exploitation of ConnectWise CVE-2024-1709.

Read (External)

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

Finding an APT which had been present in an environment for years and analysing their malware.

Read (External)

Oh No Cleo!

Oh No Cleo! Cleo Software Actively Being Exploited in the Wild

Investigation into a 0-day present in Cleo software that was actively being exploited in the wild.

Read (External)

Oh No Cleo! Malichus Implant Malware Analysis

Oh No Cleo! Malichus Implant Malware Analysis

Deep dive investigation into an implant targeting Cleo software which we named ‘Malichus’.

Read (External)

Rapid Response: Samsung MagicINFO 9 Server Flaw

Rapid Response: Samsung MagicINFO 9 Server Flaw

Analysis of a 0-day exploited in the wild on Samsung digital sign content management software wrongly attributed to CVE-2024-7399 (which later was designated CVE-2025-4632).

Read (External)

Research: Axis Camera Exploitation

Research: Axis Camera Exploitation

Analysis of exploitation via CVE-2025-30023/4/5/6 detected in the wild on Axis Communication surveillance products which started 7 days after public disclosure of the vulnerability

Read

The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors

The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors

Analysis of an intrusion involving a new tool known as Nezha, which up until publishing this hasn’t been publicly reported on. This was used in tandem with other families of malware and web shell management tools such as Ghost RAT and AntSword by a PRC-Nexus threat actor.

Read (External)