Jakub Křoustek
Brno, South Moravia, Czechia
1K followers
500+ connections
Websites
- Personal Website
- https://twitter.com/JakubKroustek
- Company Website
- https://retdec.com/
Other similar profiles
-
Romana Tesařová
Malware researcher
Prague Metropolitan Area
-
Ondřej Mokoš
Malware researcher
Brno
-
Jan Holman
Prague, Czechia
-
Luigino Camastra
Czechia
-
Jaroslav Nix
Threat Labs - Engineering Director at Avast Software
South Moravia, Czechia
-
Jan Sirmer
Central Bohemia, Czechia
-
Peter Kálnai
Prague Metropolitan Area
-
Jiri Sejtko
Sr. Director, Threat Labs, CTO
Prague, Czechia
-
Petr Somol
Prague, Czechia
-
Bohumir Fajt
Malware Analysis Team Lead at Avast
Brno Metropolitan Area
-
Michal Poslušný
Principal Game Security Engineer at 2K
Prague, Czechia
-
Tomáš Bedrna
Malware Analyst at Gen
Brno
-
Vlad Iliushin
Prague, Czechia
-
Tomáš Adamiec
Data Research | Data analyst
Prague, Czechia
-
Dmitriy Kuznetsov
Prague, Czechia
-
Michal Cebak
Brno Malware Laboratory Manager at ESET/ Senior Detection Engineer
Brno
-
Marko Zbirka
AI Cybersecurity Researcher
Prague, Czechia
-
Peter Gramantik
Brno
-
Daniel Poliakov
Researcher | AI & Network Security | Data Analysis | Neural Networks
Brno
-
Pavel Kania
Sr. Engineering Manager at Honeywell
Brno
Explore more posts
-
Directoratul Național de Securitate Cibernetică
🔌 The National Cyber Security Directorate (DNSC) was notified, during the early hours of December 9th, 2024, of a cyberattack against Electrica Group services. 🧑🏻💻 Specialists from the DNSC, alongside other experts from other Romanian authorities, arrived at the location to offer support in remediation of the problem, as well as to investigate the incident, which was identified as a ransomware attack. 💻 Based on preliminary data, the critical systems used for electricity transportation were not affected and remain functional. As the investigation is currently ongoing, no further details can be shared at this time. 🤝 ⚡ We underline the urgency and necessity of developing a sectorial CSIRT for the energy sector, as additional and specialized capacity. #DNSC #cybersecurity #incident #ransomware #Romania
-
Imran Khan, CFE, M.S in Business Analytics
We rely on technology companies whose goal is to maximize profits for critical infrastructure and services. I am certain that there will be no accountability for these companies as they make billions of dollars from taxpayers and governmental entities. Do we need these companies or do they need our tax dollars more? The answer will help us potentially avoid future challenges.
-
Dustin Lehr
Don't developers have enough to think about? Is your #applicationsecurity strategy overwhelming their cognitive load? How can we do better? Join us next month for an open discussion about this! Our Let's Talk Software Security community goes beyond just lectures and speakers - YOU are an important part of the discussion. Come share your opinions, or just listen and learn, it's up to you. Hope to see you there! Check the comments for the link (Click "Most recent"), or feel free to scan the QR code (it's safe!), to sign up and access the virtual call link. #securitychampions #securityculture #securityawareness #productsecurity #softwaresecurity #gamification #proactivesecurity
-
Sergio Albea
🎄 𝗞𝗤𝗟 𝗔𝗱𝘃𝗲𝗻𝘁 𝗖𝗮𝗹𝗲𝗻𝗱𝗮𝗿 📅 - 𝗗𝗮𝘆 23: "Purview Audit Search Monitoring" 🕵♂️ by Purav D. We're nearing the end! Today, we have another fantastic contribution, this time from Purav D., a Microsoft Purview Audit/eDiscovery expert. If you're working in this field or just curious to learn more, I highly recommend checking out his site: https://lnkd.in/eNa_mwt6 You'll find valuable insights and resources there to deepen your understanding. Don't miss this opportunity to explore top-notch content from an industry expert!
KQL Query by Purav D.:
CloudAppEvents
// | sort by Timestamp asc - For lifecycle of a specific search
| where ActionType startswith "AuditSearch"
| extend CreationTime = RawEventData.CreationTime
| extend Operation = RawEventData.Operation
| extend SearchJobId = RawEventData.SearchJobId
// | where SearchJobId == [GUID] - For lifecycle of a specific search
| extend SearchJobName = RawEventData.SearchJobName
| extend RecordType = RawEventData.RecordType
| extend SearchFilters = RawEventData.SearchFilters
| project CreationTime, RecordType, Operation, SearchJobId, SearchJobName, SearchFilters
#kqlquery #threathunting #purview
-
Ghassan Alsaffar
Phishing campaigns targeting SMBs in Poland deployed malware like Agent Tesla, Formbook, and Remcos RAT in May 2024. Attackers used compromised emails and servers, with a new malware loader called DBatLoader. SMBs are vulnerable due to weak cybersecurity, making trojans popular for their ability to evade detection. #soc #socanalyst #securityoperationscenter #cybersecurityanalyst #paloAlto #cybersecuritynews #malware #cyberattacks #microsoft #vulnerability #securityawareness #Cisco #redteam #blueteam #applenews #googlecybersecurity #google #apple #ios #osint #Android #infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
-
David (Dave) Hawkins🎖
👉🏽 Cyber researchers recommend sticking with the best security practices, such as only downloading official apps from official sources, ensuring that Google Play Protect is enabled, being careful with permissions, not clicking on suspicious links delivered to the phone via SMS or emails, among other things. Cybercriminals have been ramping up dangerous attacks since September. No antivirus engines have detected the retooled version of Cerberus. To evade detection, the trojan now includes session-based droppers, native libraries, and encrypted payloads. It employs keylogging, overlay attacks, and VNC (Virtual Network Computing, a remote screen-sharing protocol). The campaign generates domains on the fly using a Domain Generation Algorithm to change command and control (C&C) servers. Cyble researchers first suspected they were looking at a completely new malware variant. A deeper analysis revealed code similarities to Cerberus, which was first identified in 2019. They dubbed the new campaign ErrorFather after the corresponding Telegram Bot ID. “We have identified approximately 15 samples related to the ErrorFather campaign, including session-based droppers and their associated payloads,” the researchers said. They noted that the attacks are ongoing, and some C&C servers are still active. Attackers rely on users making a mistake – falling for social engineering lures. The malware masquerades as legitimate banking or authentication apps or updates and uses Google Play and Chrome icons. Attackers use phishing sites for malware distribution. #android #cellphone #security #phishing #malware
-
Roy Zur
Why #Scams Are Different and What #Customer #Security Means? Scams target the #human factor directly - demanding a #paradigm #shift from protecting systems to #protecting #people. Yesterday, at the #FraudFighters IL Meetup hosted at the Team8 offices, I discussed how we can #rethink #fraud #prevention through Customer Security: 1️⃣ The #Human #Factor: Scams exploit #trust and #emotions, not systems. Understanding human #vulnerabilities and emerging scam trends is key to staying ahead. 2️⃣ #Beyond #Perimeters: Scams move across platforms — starting on #social #media and ending in a #bank transaction or #card #payment. Fighting them requires a connected view beyond any single organization. 3️⃣ #Beyond #Identity: Traditional fraud focuses on who you are. With scams, the challenge lies with the recipient, making #recipient #intelligence critical to prevention. 4️⃣ #Shattered #Trust: Scams hit people hardest - breaking trust and causing real #emotional #distress. Organizations must respond with #care, #support, and better #incident #response. Scams are not just another fraud type — they force us to rethink how we #protect people and help victims #recover. Oren Karmi - thanks for leading this #community! How do you think we can address this growing challenge together? I’d love to hear your thoughts. #FraudPrevention #ScamIntelligence #Cybersecurity #HumanFactor #CustomerSecurity #team8
-
ShiftSix Security
Malware Targets Polish Small Businesses. In May 2024, hackers hit Polish small and medium-sized companies with smart phishing scams. These attacks put dangerous software like Agent Tesla, Formbook, and Remcos RAT on their systems. The threat spread beyond Poland, affecting businesses in Italy and Romania too. This showed how exposed small companies are when they don't have strong cyber defenses. Cybersecurity company ESET has found that the attackers used hacked email accounts and company servers to send harmful emails and gather stolen data. They used DBatLoader, a complex malware loader, to deliver their payloads. This method shows a change from earlier tactics and proves cyber threats have become more advanced. Phishing emails had attachments with malware that, when opened, started a multi-step process to install the trojan. The increasing danger to SMBs is worrying, as these companies often fall victim to their weaker cybersecurity defenses. Kaspersky cautions that trojans, which can look like real software, create a big risk by getting past normal security measures. To guard against these changing threats, small and medium-sized businesses should make email filtering, regular software updates, and thorough phishing awareness training their top priorities. Investing in cutting-edge threat detection tools is also key to spot and stop threats. The latest wave of phishing attacks shows why businesses need to take steps to protect themselves before problems arise. How is your company improving its defenses to handle these kinds of threats? Let us know your plans and thoughts in the comments section. #Phishing #SMBSecurity #Malware #CyberThreats #CyberSecurity
-
Muhammad Yahya P.
I'm away from work but there's a lot going on with technology, cyber attacks and data breaches ⚠️ in case you missed what's been going on in recent days...⬇️⬇️⬇️ 🔴 Poland state news attacked with a false article appearing - result is Poland is looking to spend $760 + million on cyber defences 🔴TikTok accounts are the subject of malicious codes in DMs at attempts to compromise. Targeting brands and celebrities, appears some accounts were successfully compromised 🔴 London hospital services are battling a critical incident, again a supply chain attack is having a huge knock-on effect 🔴 Misinformation with AI continues as ChatGPT already answered a winner for the upcoming UK General election 🇬🇧 🔵 Denmark 🇩🇰 raised its threat level to 3/5 on destructive cyber attacks 🔴 Ticketmaster data breach with over 500 million customers 🔴 Ransomware cyber criminals evading red notices as they colluded with officials to get inside Intelligence 🔴 Santander confirmed a data breach, affecting customers, current and former employees 🔴 Snowflake is warning customers of comprising campaigns as customer tenants are hacked through stolen creds or infostealing malware 🔵 FBI have 7,000+ decryption keys from LockBit if any victims need help 🔴 Exploit tool out for Microsoft’s Recall AI, I predicted exploit tools will be the first thing to appear when the announcement came #cybersecurity #cybercrime #cyberattack #technology #news
-
Maxim Amenitskiy
Sometimes during pentests, it’s possible to gain access to the tdata directory on the PCs of privileged users, where the active session of the Telegram messenger is stored. This can provide full access to the user's messages, which often contain various credentials. I recently found an interesting tool for parsing Telegram history from an active session: tg_history_dumper. Could be useful in such cases! 🔗 https://lnkd.in/d8Fu-kvm #telegram #dump
-
Anastasia Sentsova
🚨 [Operation Cronos. Round Two - Fatality] Russian Citizen Identified to Be Behind LockBit Operations 📌 On May 7, 2024, the identity of LockBitSupp, a key member of a prominent LockBit was revealed. According to the announcement (https://lnkd.in/e6HD8vzm), the individual behind LockBitSupp figure is Dmitry Yuryevich Khoroshev residing in Russia. 📌 Maintaining secrecy within the underground community, where everyone knows who is who but is bound by secrets and promises, was relatively easy. However, since the beginning of the first phase of Operation Cronos led by National Crime Agency (NCA) started on February 20, 2024, LockBitSupp’s life became a heating pot. With the implementation of PsyOps, the countdown of revealing those who are responsible for ransomware attacks began ticking. (https://lnkd.in/eu6KK9Qh). Prior to that, on January 30, 2024, LockBitSupp faced a ban from XSS and Exploit forums. “This forum is a banch of communists and they want to set me up", he said, moving to RAMP forum. (https://lnkd.in/guESfrU2) 📌 Was the move of banning LockBitSupp a suspected anticipation of future actions, aiming to eliminate compromising elements? We don’t know. Interestingly, the RAMP forum became inaccessible earlier this morning for reasons that remain unknown. When analyzing the Russian ransomware ecosystem closely, the patterns in behavior reveal themselves, particularly its reactive nature to external events. This is despite the ongoing effort of creating an illusion of being distanced from politics and denying potential involvement of the state. “We are completely apolitical”, actors frequently claim in ransom notes. However, their actions and clear indications of target preferences suggest otherwise. 📌 Ransomware's integration into hybrid warfare is undeniable, a phenomenon that existed before the Ukraine invasion yet has intensified greatly since.
Analysis of ransomware extends beyond technical aspects, encompassing socio-economic developments in Russia, geopolitical events, and more. In Russia, the primary objectives in recent years have been mobilizing citizens and suppressing opposition. Given the potential for ransomware to function as a formidable force, it seems impossible that the state would disregard such power. 📌 The name is revealed. What’s next, you ask? International cooperation with Russia does not seem to be possible, and it remains uncertain whether it will be in the near future. Until then, Russia will keep its digital soldiers in place, operating in accordance with the law of war (по закону военного времени) that is being greatly cultivated within Russia. Analyst1 continues to monitor the situation around LockBit 🦅
-
Dan Bailey
New leak of alleged phone-unlock capabilities of Graykey. We have had previous leaks from Cellebrite, but this is our first detailed look at Graykey. They can retrieve partial data from iOS 18, allegedly. The bad news is that we are unsure what "partial data" means. I would suspect what they are really saying is that they can extract data if the phone is in After First Unlock state. https://lnkd.in/euHsV4ua
-
Zack Allen
Detection Engineering Weekly Issue 87 is LIVE! https://lnkd.in/e9TNDN6H In this post:
* 💎 by Merav Bar and Amitai Cohen on the opportunities behind leveraging atomic cloud IOCs
* Truls TD deconstructs security monitoring antipatterns
* Sam Curry on hacking into Kias using only a license plate number
* Andrew Byford on Slack posture management and preventing OSINT leaks
* David Schuetz cracks a ping storm mystery
* Michael H. launches LOLRMM to add to the lolfarm
* Podcasts: Mandiant researchers discuss how threat actors bypass MFA, Thijn Bukkems joins Detection at Scale and gives a breakdown on their detection and response program
* Christophe Tafani-Dereeper and Nick Frichette go deep on the recent CUPS vulnerabilities
* National Crime Agency names and shames an Evil Corp member
* The DFIR Report on a nitrogen campaign leading to blackCat
* U.S. DoJ indicts IRGC aligned hackers for hacking into US election staff email inboxes
-
Martin Heiskanen
#cybersecurity #700L #sternzeiger Razvan Alexandru Ionica I observed a Romanian Gypsy in a mental hospital. Why? I thought I could learn a lot. What do Romanian Gypsies Like? Shiny Things. What are they good at? Climbing trees in the Korean DMZ you get the point. We can use it for what? The good and the bad. Why was I in a mental hospital? I can start blaming people, The animal kingdom. I can even blame the mushroom kingdom. I can blame viruses. I can blame God. I can blame Satan Santa who ever. I can make claims, sue the shit out of the Metropolitan Police, National Crime Agency (NCA). I'm not sure I want to because a lot is at fault and many people. They have good people too! What is the consequence, only I know. I can make NHS : NHS England : NHS Professionals Be at fault. But people will lose their jobs who don't deserve to and they have a lot of good people. Anyways the Gypo in the asylum. I felt sorry for him and he is a human. But I want to know certain things. He is having a private catch up with the nurse in the office they are both sitting on office chairs. The nurse is sorting shit out. What does he do? Spin. Why? Shiny things reflect a certain way when you spin, the white light sort of staying in the lens, staying in your vision making this white blur for a split second. why does it stay with you? wavelengths at angles and shit remember white light is concentrated with colors, colors mean wavelengths angles mean wavelengths. you get it, like a shiny detection system, Radar. What ever he is. I know he is good a certain things. Anyways one night good things happen in good order people ordering pizza drinks the good stuff a little gather up. There are 2 cardboard boxes in the main area, usually there are no cardboard boxes in the area. Who put them there? Some black guy. (silhouette colors in my memory) Whats in them? I don't know. What do I do? Move it a little with my foot, I know roughly how much a cardboard box of that size weighs. 
In motion I can understand they carry momentum what ever more if there is something inside them. Seems to be not much extra momentum upon movement no acceleration means shit is not moving relatively to the inside of the box 1 and box 2. Result: They are empty. I don't need to play schrodinger's cat. The observation is complete. I put 1 box on top of the other box. opened the one on top up. \ / \ ________ / | | | Box 1 | <------ [ Above, Cardboard, The contents are visible] |__________| | ------------ | | | <------ [ Below, Cardboard, The contents are hidden] |__________| ___________________________________________________________________________ FLOOR I do this with a couple people, Different races different people whatever different. You get the point. I do this with the Romanian Gypsy Last. Results: In the comments. Limit.
-
Thomas Ryan
End-to-End Encryption vs. Protecting Children: Can We Have Both? A recent proposal by the European Union has ignited a fierce debate: should tech companies be mandated to scan private messages for child sexual abuse material (CSAM)? Protecting children is imperative, but this proposal raises grave concerns about the integrity of end-to-end encryption. Encryption is the cornerstone of our online privacy. It ensures that only the sender and recipient can access a message's contents. Undermining encryption would have profound consequences, leaving our communications vulnerable to malicious actors. How can we trust the government to safeguard our privacy when vulnerabilities exist in platforms like Signal, a widely trusted encrypted messaging service? Consider the following CVEs: Signal Desktop: CVE-2023-36665, CVE-2022-37601, CVE-2021-23440, CVE-2019-10747 Signal Server: CVE-2022-1471, CVE-2022-42889, CVE-2022-0839 libsignal: CVE-2023-42282 These vulnerabilities highlight the ongoing challenges in maintaining secure communication channels, making it even more critical to question any measures that could further weaken encryption. Advocates of the EU's plan assert that it's necessary to combat the proliferation of CSAM. However, critics argue that scanning private messages sets a dangerous precedent, paving the way for mass surveillance and infringing on our right to privacy. Moreover, such measures might prove futile, as criminals could simply migrate to more secure platforms. The critical question is whether we can protect children without compromising our privacy. This issue demands careful deliberation. We must devise solutions that tackle CSAM effectively without dismantling encryption's security advantages. Consider these questions: 1. Are there alternative methods to detect and prevent CSAM that do not involve scanning private messages? 2. Can education and awareness programs be enhanced to empower people to identify and report CSAM? 3. 
What role can tech companies play in creating solutions that protect children while upholding privacy? I would like you to please engage in this conversation and share your perspectives on this vital issue. Together, we can find a solution that protects our children and our privacy. #Signal #cybersecurity #privacy #encryption #childsafety #EU #technology What do you think? Can we strike a balance between protecting children and safeguarding privacy? Websites reviewed https://lnkd.in/e_CHeGfU
-
Shahar Madar
Michal Braverman-Blumenstyk, CTO Microsoft Security at BlueHat IL: “Cybercrime has an annual GDP of $8T. If it were a country, it would have the 3rd largest GDP in the world, and by far the fastest growing one”. It takes a village of very smart people to deter and counter these attackers. Blockchain security has a high impact on threat actors' ability to operate freely. We need to improve prevention, shed more light on them, and block them more effectively. • If you’re building a blockchain project and not sure how to properly secure it, let’s talk. • If you’re protecting blockchain-based systems or enterprises and want to collaborate, let’s talk. • Also, if you’re not sure why blockchain can have a meaningful impact on this… let’s talk! Thanks Microsoft for sharing the insights, and for an amazing conference like always!
-
Michał Sołtysik
I invite you to watch a scientific lecture of mine on YouTube titled 'Deep Packet Inspection Analysis: Examining One Packet Killers,' organized by EC-Council and EC-Council University.
Content:
1:37 Opening words
3:58 Why IPS, WAF, and SIEM solutions are not enough.
7:07 Summary of the need for deep packet inspection analysis.
10:14 The four main categories of weaknesses/vulnerabilities.
10:53 DoS Attack Categories.
12:39 One Packet Killer via a vulnerability (CVE-2021-45105).
13:45 One Packet Killer via a weak protocol design in DHCP.
16:03 One Packet Killer via a weak protocol design in Modbus over TCP.
21:52 One Packet Killer via a weak protocol design in WTP.
22:53 One Packet Killer via a weak protocol design in BAT_GW.
26:13 One Packet Killer via a weak protocol design in H.225.0.
31:40 Findings (a breakdown of the possibilities and limitations behind functionalities within protocols which can be misused for DoS attacks under specific circumstances).
32:45 Protocol-based DoS Attacks.
33:48 DoS Attacks: Classification and Protocol Weakness Examples.
35:00 Some possible reasons why an attacker might send a single such packet ('One Packet Killer').
36:46 Conclusions of the webinar.
39:42 Recommendations on protocol weaknesses.
41:16 An example of a 'Silent Killer' using a ubiquitous protocol DNS.
47:35 Q&A.
58:47 Closing words.
URL: https://lnkd.in/dMMTA6Tu
-
Gary Warner
Another “Blast from the Past” cybercrime arrest as Maksim Silnikau is arrested and extradited to the United States. Although the press is mostly using his handle “J.P. Morgan” to describe his exploits, I believe we knew him better as “targa.” He was the creator of the Angler Exploit Kit which primarily used compromised Wordpress servers to build an advanced malware delivery system which is referred to in the indictment as a TDS - a Traffic Delivery Service. Exploit Kits were very common in the 20-teens during a time when malicious code in a browser could guarantee that a large percentage of visitors would be compromised. Targa and his crew compromised hundreds of thousands of domains by exploiting both poor configurations and exploits in Wordpress plug-ins to inject the URL of their exploit kit into the source code of possibly millions of URLs. Anyone visiting the page would then have a quick inventory of their system pulled and an appropriate exploit would drop a small Loader on their machine. From that point, the crew could offer that machine as a place where other criminals’ malware could be installed for a fee. Later Silnikau would be a player in the “Ransom Cartel” ransomware which peaked in 2021. The indictments, one for Angler and one for Ransom Cartel, provide many more details and are attached at the bottom of the DOJ Press Release. DOJ Press Release: https://lnkd.in/emEwAHyN One of my favorite Angler write-ups was from Cisco Talos, who described a top group using Angler to generate $30 Million per year in revenue - in 2015! Talos: https://lnkd.in/e6qNVV2R Palo Alto’s Unit42 also had an excellent report - where they documented 90,000 domains seen used by Angler in an eleven day period! Unit42: https://lnkd.in/e8y9qmXi