Blog & Insights

Stay informed with the latest insights, trends, and best practices in cybersecurity.

Inside KoviD — The Stealthy Linux Kernel Rootkit Threat

In the rapidly evolving world of cyber threats, kernel-level rootkits continue to pose a critical challenge to system security. One such example is “KoviD,” a highly stealthy Loadable Kernel Module (LKM) rootkit for Linux Kernel version 5 and above. This blog breaks down how KoviD works, the mechanisms it abuses, and what defenders should learn […]

shailendrasachan

Security Analytics, Security Operations

Analysis of CVE-2025-53770 & CVE-2025-53771 (Microsoft SharePoint)

This is a set of two CVEs which affect on-prem Microsoft SharePoint users. Both of these CVEs are a rehash of two recent CVEs that were disclosed in May 2025 as part of Pwn2Own Berlin by researchers and were supposedly patched by Microsoft in its Patch Tuesday update on 9th July 2025. The original CVEs […]

Siddharth Singh

Security Analytics, Security Operations

Anatsa Malware Campaign: A Stealthy Banking Trojan Inside Google Play

In today’s mobile-first world, malware authors are adapting rapidly, and few demonstrate this better than the Anatsa malware, also known as TeaBot. Disguised as legitimate utility apps and distributed through the Google Play Store, Anatsa is a dangerous Android banking trojan designed to steal credentials, hijack accounts, and perform unauthorized transactions with alarming stealth. What […]

shailendrasachan

Security Analytics, Security Operations

Lumma Stealer: Threat Landscape and Delivery Evolution (2024-2025) (Part 1)

Lumma Stealer has emerged as one of the most prolific infostealer threats in the cybercriminal ecosystem, with a 369% increase in infections from early to late 2024. This blog provides a comprehensive analysis of Lumma’s threat landscape, delivery vectors, and operational evolution based on observed telemetry and campaign analysis. Over the past year, Lumma Stealer […]

Siddhant

Security Analytics, Security Operations

Scaling with Purpose: Welcoming Sharad Sanghi to Bloo

We’re delighted to welcome Sharad Sanghi to Bloo’s Strategic Advisory Board. A pioneering force in India’s tech infrastructure, he founded Netmagic in 1998, effectively building the country’s first data center, and guided it to become the leading managed cloud services provider under his leadership. When you’re building a cybersecurity platform that needs to process millions […]

Shomiron Das Gupta

Company

Accelerating the Future of Cyber Defense, with Dr. Gaurav Raina

We’re thrilled to welcome Dr. Gaurav Raina to Bloo’s Strategic Advisory Board. A systems thinker, academic leader, and mentor to innovators, Dr. Raina brings deep expertise in networks, control theory, and large-scale systems design. When I first met Dr. Gaurav Raina, I was struck by his ability to make complex technical concepts feel human and […]

Shomiron Das Gupta

Company

Advanced Threat Hunting Through Memory Address Patterns with Sysmon

The Next Level: Memory Address Analysis. In my previous article, we explored how DLL sequence analysis can detect process injection attempts. But what if we could go deeper? What if we could analyze not just which DLLs are loaded, but where in memory they’re being accessed? This is where terminal ntdll.dll memory offset analysis comes in. […]

Siddhant

Security Analytics, Security Operations

Anomalous DLL Call Stack Sequence Detection: A Threat Hunter’s Guide to Process Injection

The Problem: Why Call Stack Analysis Matters. In the world of endpoint detection, we’re constantly chasing the next big thing. But sometimes, the most powerful detection capabilities are hiding in plain sight. Take Sysmon Event ID 10 (Process Access) — it’s not just about which process accessed what. The real gold is in the CallTrace […]

Siddhant

Security Analytics, Security Operations

Enhancing Threat Detection with Call Stacks in Sysmon Event ID 10 (ProcessAccess)

In this article we talk about using call stacks to detect malware at a deeper level and further our understanding of malware behaviour. We take this approach to go beyond detecting behaviour based only on which programs are triggered or which actions are performed, and to also determine which functions […]

Siddharth Singh

Security Analytics, Security Operations

Dark-Kill: How Custom Callbacks Disable EDRs

In today’s rapidly evolving threat landscape, attackers are constantly innovating to bypass endpoint defenses. One such sophisticated method involves tampering with process creation notifications at the kernel level, leveraging Windows’ internal APIs. In particular, the `PsSetCreateProcessNotifyRoutine` function has become a tool of choice for advanced attackers aiming to disable Endpoint Detection and Response (EDR) systems. […]

shailendrasachan

Security Analytics, Security Operations

Domain Generation Algorithms: How I Learned to Stop Worrying and Love the Mathematical Formulae

Cybersecurity is an ever-expanding field where more domains keep getting added as technology progresses. These domains address very specific problems; for example, Container Security and Application Security address issues with containers and applications (web/Android/iOS etc.) respectively. It is however important to remember that all of […]

Siddharth Singh

Security Analytics, Security Operations

APT41 – TOUGHPROGRESS Malware Analysis

I arrive at the office, make a cup of coffee and sit down to browse the latest Cybersecurity news. I have a daily brief to cover for the company where I talk about whatever is the most important, alarming or interesting news for the day. While browsing I see the mention of APT41 once again, […]

Siddharth Singh

Security Analytics, Security Operations

Kill the Threat: How the “Cyber Kill Chain” Helps You Stop Attacks Early

Today, in the digital world, cyber-attacks are no longer a matter of “if” but “when”. Attacks happen every minute, from phishing to sophisticated ransomware campaigns. It is no longer sufficient to only respond to breaches. Cybersecurity professionals must understand “how” and “why” an attack occurs. This is where the “Cyber Kill Chain” comes into play—a […]

shailendrasachan

Best Practices, Security Analytics, Security Operations

From Headlines to Slack: Automating Cyber Threat Intelligence Delivery

As a Cybersecurity Analyst, staying ahead of the ever-evolving threat landscape is a non-negotiable part of the job. But in a fast-paced environment, manually looking through multiple sources for the latest cybersecurity news can be inefficient and unsustainable. That’s what sparked the idea for the “Threat Intel Automation” project—an initiative to automate the entire process […]

shailendrasachan

AI, Security Analytics, Security Operations

The Day I Became a Digital Beekeeper – Luring Real Threats into My Windows Honeypot

This is Part 2 of “The Art of Digital Deception” series, where theory meets chaos. In this post, we go beyond the build. The honeypot was live—open to the world like digital flypaper—and within hours, it began drawing in curious crawlers, brute-force bots, and opportunistic threat actors from across the globe. From SSH brute-forcing […]

Rakshit Shetty

Security Analytics, Security Operations

The Levenshtein Mile

In the previous article we covered the topic of Domain Generation Algorithms (DGA) and our subsequent efforts to detect them using the Shannon Entropy formula, which uses the randomness of the characters in the domain itself to flag a suspected malicious domain. In this blog we move on to another security evil which seems to […]

Siddharth Singh

Security Analytics, Security Operations

Reducing Data Lake Costs on AWS by 80%: A High-Level Strategy Guide

At DNIF Hypercloud, a cybersecurity company processing millions of security events per second, data is at the core of everything we do. Our workloads are incredibly data-intensive, which means managing our data lake infrastructure on AWS is crucial for both performance and cost efficiency. This blog post shares the key insights and strategies that enabled […]

Ashish Panda

AI SecOps, AWS, Cloud, Cost Optimization, CyberSecurity, Data Lake, Efficiency, Kubernetes, MDR, Spot Instance

Launch Day – Bloo Systems Inc

It’s June 16, 2025 – today, we’re launching Bloo, a cybersecurity company born from a simple but frustrating truth: Despite decades of investment in tools, platforms, and MDR services, threat detection still fails when it matters most. The Gap We See. Security teams don’t struggle because they lack alerts. They struggle because they lack assurance. […]

Shomiron Das Gupta

What’s in the name?

Bloo is inspired by the defenders. The name draws from Blue Teams, those who stand guard over infrastructure, data, and people. But it also nods to Blue Ocean Strategy: a belief that the best way forward isn’t to fight in saturated markets, but to build new paths through deep innovation and clarity of purpose. And […]

Shomiron Das Gupta

Company

How Our Team Learned to Measure What Truly Matters

One of the earliest realizations I had while working in cybersecurity is how easy it is to get trapped in the loop of ticking off tasks — closing support tickets, finishing extractor builds, or deploying detection rules. For a long time, that’s how I measured productivity: the more tasks completed, the better the team’s performance. […]

Siddhant

Best Practices, Security Analytics, Security Operations

Beyond the Hype: Why Battle-Tested Detections are Crucial for Effective MDR

Managed Detection and Response (MDR) has become a cornerstone of modern cybersecurity, offering organizations a lifeline in the face of increasingly sophisticated attacks. However, the effectiveness of any MDR service hinges on the quality of its detections. Too often, organizations find themselves reliant on MDR providers that utilize unproven or poorly validated detections, leaving them […]

Aniket Bhirud

Starting the Journey: Why Detection Engineering Needs to Evolve Beyond the Basics

When I first got involved in detection engineering, I saw it the way most practitioners do — writing correlation rules, refining signatures, and responding to alerts. The job felt structured, almost mechanical at times. But over the years, as I spent more time analyzing real-world threats and observing how attackers operate, a persistent thought kept […]

Siddhant

Best Practices, Security Analytics, Security Operations

Re-imagining Threat Intelligence: From Consuming Feeds to Building Context

When I first started working closely with threat intelligence, I realized how often it sits in organizations as a passive function — subscriptions to feeds, lists of indicators, and reports that get read but rarely acted upon. It felt more like a checkbox exercise than something driving real value. Over time, though, my perspective evolved. […]

Siddhant

Best Practices, Security Analytics, Security Operations

The MDR Reality Check: Overcoming the Challenges of Modern Threat Detection

In today’s world, Managed Detection and Response (MDR) has become essential for strong cybersecurity, giving organizations a way to defend themselves against increasingly complex attacks. However, the truth is that an MDR service is only as good as its detections. All too often, organizations find themselves depending on MDR providers that use unproven or poorly […]

Aniket Bhirud

Best Practices, Industry Insights

Why your MDR needs AI

As someone who has been navigating the cybersecurity landscape for quite some time, I’ve seen the evolution of threat detection and response firsthand. From the days of basic antivirus programs to today’s sophisticated Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) solutions, it’s clear that artificial intelligence (AI) plays a pivotal role […]

Shomiron Das Gupta

AI, Machine Learning, Security Analytics

How Running Adversarial Simulations Reshaped My View on Detection Engineering

There are a few moments in your professional journey that truly shake your perspective — moments that force you to pause, rethink, and rewire your approach. For me, that moment came when we ran our first adversarial simulation exercise against our own detection content. We’ve always taken pride in the detection logic we build — […]

Siddhant

Best Practices, Security Analytics, Security Operations

The Evolution of Enterprise Logging: Beyond Basic SIEM

Modern enterprises face an unprecedented challenge in managing and making sense of their log data. While traditional SIEM solutions have served as the backbone of security logging for years, today’s threat landscape demands a more sophisticated approach.

Shomiron Das Gupta

Best Practices, Log Management, Security Analytics, SIEM
