yahmed

ChatGPT Stealer: Threat Hunting, Detections & Best Practices for your Organization

Back in December 2025, the Ox Research team uncovered two malicious extensions that were being actively downloaded (and were still available on the Chrome Store at the time of writing) by impersonating the legitimate AITOPIA AI Sidebar. Once installed and granted permissions, these extensions were found to steal browser and AI chat data and send the […]

BindPlane On-Prem Architecture for Google SecOps

In this post I want to discuss BindPlane architecture, specifically the on-prem architecture for routing logs to your Google SecOps SIEM. BindPlane, at a high level, is a telemetry pipeline (built on top of the OpenTelemetry framework) designed to collect, refine and export logs, metrics and traces from any source to any destination.

Quick Assist Detection

Last month I wrote an article about the ransomware group Black Basta and how they had been leveraging Remote Desktop tools like TeamViewer, AnyDesk and, more notably, Quick Assist, which is Microsoft's own Remote Desktop utility. In general, it is strongly recommended to block such apps if there is absolutely no business need to have

Black Basta and Remote Desktop Tools

CISA, along with the FBI, the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released an advisory towards the beginning of May announcing how the ransomware group Black Basta has been targeting critical infrastructure of late. They have already impacted over 500 organisations around the globe. You can

Data Obfuscation in QRadar

This article will explain how to set up data obfuscation in QRadar using regex. There will be times when you need to mask certain data coming into your SIEM platform for various reasons. For example, it may be to mask PII (Personally Identifiable Information) in order to comply with regulations such as