I have had this question come up quite a lot from people asking “hey, how would I know if my phone is hacked, it has been doing some weird things”.
So here is a list of items you should check to assess if your mobile phone might be compromised.
What might show my phone got hacked ?
Check Your Data Usage
Most mobile devices will let you check how much data each app has used up. For apps related to social media it would make sense for them to use up a lot of data. But if you have an app, you barely use, and you can see there is quite a lot of data usage on it. That might indicate that it has been running and sending/receiving data. Compromised apps, may tend to use more data since the attacker may be trying to send data over your phone to their own systems. A good way to measure this is to check your app data usage every month. So, you get to know what the average data usage if for each app you use.
Pop ups or Ads
This one is an obvious one, if you see random ads popping up out of no where. Or random windows pop up on your screen. There is a good chance your phone has malware, and/or an app was installed and could have full access to your mobile device. You should go through ALL your apps to see what you have running on your mobile device. If there is anything that you see which should not be running or installed. Remove the app and check to be sure it was removed with the app no longer showing up as running/installed.
Your Phone gets hot all the time
A phone gets very hot to touch when it’s running an app that takes up a lot of processing power. And, that makes your phone start to heat up. If this is happening to a point where your phone is always super hot to touch. Then chances are a malicious app is running all the time causing your phone to heat up. This is a good chance to view all apps running and see which one has been running the most. It could be an indicator that it is a malicious app and should be removed.
I have been extremely fortunate to be able to help drive many of Microsoft’s security tools and roadmaps. For those members that are part of the M365 Threat Protection CCP group. They get a chance to contribute heavily to provide feedback on Microsoft Security products. In the end, it helps enhance the security roadmap that Microsoft plans out. Some of the technologies we get to help drive forward and further enhance are listed below.
Recently, I challenged the GIAC/SANS GCFA exam. And I am excited to say I passed and have obtained the GCFA certificate!
This was one of the more detailed courses I had taken in awhile. The IR and Threat hunting sections were not as new to me. However, the memory and forensics section were very deep and detailed. Normally, most organizations will contract out major forensic type of work to 3rd party external partners. So, the forensics section was something I do not work on as often. But I found learning and getting the knowledge of various ways malware can hide in memory, or how to detect Time stomping attacks from malware was extremely fun and exciting to learn. Feeling incredibly grateful to learn about all these new attack techniques and detection mechanisms.
The course will prepare you for the exam and cover topics and tools that you will be tested on. There is a lot of material to learn in the course. So, dedicate a good amount of time towards learning the course material and all the concepts. The class itself was amazing especially when you get into Memory Analysis, File system analysis and the Anti-forensics sections.
I wanted to post about a very cool one-of-a-kind cyber security job listing website. If you are looking into getting a job specializing in cyber security, you are in luck! One of my friends has created a website dedicated towards connecting like minded cyber security professionals and hiring managers.
What is InfoSec-Jobs.com?
It is a highly focused website listing out only cyber security positions. You can check out the website here: https://infosec-jobs.com/
It has listings that only consist of security focused and related jobs or positions. If you are a hiring manager, it is a great place that allows you to post your current open positions if you are looking for some talented cyber security professionals.
The website also does not sell your personal information, CV/Resume details to any other parties, and no external trackers are used on the site. The website is built to protect every user’s personal information.
It is a rare website, as most other IT job related websites showcase various IT positions. There are none that really focus just on cyber security positions. So this is a new rare gem to check out and bookmark!
So, just before the end of a remarkably interesting and odd 2020 year. I decided to go ahead and take the FOR 508 class on Advanced Incident Response, Threat Hunting, and Digital Forensics. I felt this was a course that could really benefit security practitioners for understanding best practices & methods related to IR. As well as, learning new techniques for threat hunting in a large enterprise environment. I decided to put up a post listing our what you can plan to learn from this course should you decide to take it.
Winning the Coin
One of the coolest parts of the class is Day 6 (more details listed later). You get a chance to join into teams and compete in a class APT Threat group challenge. The team that wins the CTF gets an award in the sign of a special course specific SANS Coin. On top of that, SANS will add your name to the Community DFIR Coin holders list! It is a great achievement, and I have to say the challenge was very realistic and fun to tackle.
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like StealthBay to be a place where IT users can find some form of knowledge and education. And, hopefully I can learn a few new things from other users as well who also wish to share their own experiences and knowledge.
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
