I recently spent some time repurposing fields in ICMP headers in order to do a basic file transfer. I decided to use the code, ID, and…

You've probably heard about salting passwords, but a further technique, peppering, makes them even more secure. Here's how.

Let’s have some more jupyter fun and dig into doing cloudfront log analysis with jupyter, pandas and dash using this notebook!

During a recent incident response engagement, the Profero IR team observed a sample of Hello Kitty ransomware. This version of ransomware…

Continuously train and measure your entire workforce

A tutorial + code on writing a bayesian image classifier on MNIST dataset.

Determine whether a given video sequence has been manipulated or synthetically generated - chinmaynehate/DFSpot-Deepfake-Recognition

This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.

That title would have sounded very weird to me a year ago but that’s exactly what happened. Let me walk you through how we were approached by a client for a code review, had to find a zero day just to get started (CVE-2022-29856), and ultimately “decrypted…

In this post, we'll explain what we do to fight malicious relays in our network, how we did in the past, and what further improvements are upcoming and being worked on.

Malicious KQL Query: Malicious KQL query is injection technique, where attacker with targetable workspace resourceID can inject listener of access tokens in the query. The attacker then uses the ga…

Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here we cover the method, why it works, and how to detect such TTPs.

Hi all,

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…

In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an Ic…

This article introduces VirtualBox research and explains how to build a coverage-based fuzzer, focusing on the emulated network device drivers. In the examples below, we explain how to create a harness for the non-default network device driver PCNet. The…

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul…

Emotet is back with a new spam campaign. And it's now spreading itself as a shortcut link file pretending to be Word document.

RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface