<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Osint - Tag - Forensic wheels</title><link>https://polymathmonkey.github.io/weblog/tags/osint/index.html</link><description/><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 26 Jun 2026 09:31:55 +0200</lastBuildDate><atom:link href="https://polymathmonkey.github.io/weblog/tags/osint/index.xml" rel="self" type="application/rss+xml"/><item><title>HTB: Sherlock: KitsuneHook</title><link>https://polymathmonkey.github.io/weblog/writeups/htb-sherlock-winnti/index.html</link><pubDate>Tue, 23 Jun 2026 00:00:00 +0200</pubDate><guid>https://polymathmonkey.github.io/weblog/writeups/htb-sherlock-winnti/index.html</guid><description>Overview Attribute Value Challenge Type Sherlock (Investigation) Difficulty Medium Focus Threat Intelligence &amp; OSINT Key Techniques Vendor Attribution, Malware Analysis, Cluster Correlation Status COMPLETED The investigation starts with a cold lead (“Winnti behind this”) and requires classic OSINT: vendor reports, GitHub source analysis, conference presentations, and leaked data correlation.
Scenario &amp; Investigation Approach You’re a Threat Intelligence Analyst with a new assignment: all you know is that Winnti is behind this mess. Your organization has detected suspicious activity targeting manufacturing and energy companies, and the SOC needs answers fast.</description></item></channel></rss>