Security

Meta Account Takeover: The ig.me Phishing Technique On 24 March 2025, a targeted phishing attack compromised a user’s Meta accounts, leveraging Instagram’s “ig.me” link shortener to steal accounts and gain unauthorised access. The incident exposed the complications of Meta’s account system and again reinforces the need for multi-factor authentication (MFA). This is a brief (hopefully) look at how the attack unfolded, why it still works, and what we can learn from it....

Virus.xcheck: A Tool for Finding Malware Samples I’ve always found it interesting how the security community shares and analyses malware samples. There’s a great resource called Virus Exchange that serves as a repository for malware researchers and security professionals. However, quickly checking if multiple file hash exists in their database wasn’t as straightforward as I wanted it to be. What is Virus.xcheck? Virus.xcheck is a Python tool I created that quickly checks if a file hash exists in the Virus Exchange database....

Welcome Hello and welcome to my blog! I’m Lewis. I work in security operations, incident Response, and other general research at Microsoft and I’m based in the UK. Outside of work, I often climb boulders and usually get chalk everywhere, stay active in the gym, badly play golf, and rotate between two or three additonal hobbies which I can’t seem to commit to. What to Expect This blog will range between topics:...