A joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
Drizly, an online alcohol delivery service, recently notified customers of a data breach in which a hacker accessed customer information. This breach reportedly affected up to 2.5 million...
On 2020-07-28, a campaign was reported involving the Doki operator. It gained initial access through a software misconfiguration, escaped to the host by exploiting a host mount, and targeted Docker to achieve...
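The host-mount escape named in this summary is something a defender can look for on their own Docker hosts. The following is an added example, not code from the campaign report or from the Doki operators: it audits `docker inspect` output for privileged containers, host PID namespace sharing, and bind mounts of sensitive host paths. The inspect records, container names, IDs and paths below are constructed for the example.

```python
import json

# Constructed `docker inspect` output for three containers (made up for this
# example, not from any real host): a worker with the host root bind-mounted,
# a benign web container, and a privileged "agent" with the Docker socket.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaa111", "Name": "/worker",
        "HostConfig": {"Privileged": False, "PidMode": "", "Binds": ["/:/mnt/host"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt/host", "RW": True}],
    },
    {
        "Id": "bbb222", "Name": "/web",
        "HostConfig": {"Privileged": False, "PidMode": "",
                       "Binds": ["/srv/site:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "bind", "Source": "/srv/site",
                    "Destination": "/usr/share/nginx/html", "RW": False}],
    },
    {
        "Id": "ccc333", "Name": "/agent",
        "HostConfig": {"Privileged": True, "PidMode": "host",
                       "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
        "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                    "Destination": "/var/run/docker.sock", "RW": True}],
    },
])

# Host paths that, once bind-mounted into a container, let the container write
# to the host (cron, SSH keys, binaries) or drive the daemon (docker.sock).
SENSITIVE_PATHS = (
    "/etc", "/root", "/home", "/boot", "/proc", "/sys",
    "/var/lib/docker", "/var/run/docker.sock", "/run/docker.sock",
)


def is_sensitive_source(src):
    """True if a bind-mount source is the host root or sits under a sensitive path."""
    src = src.rstrip("/") or "/"
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_PATHS)


def audit_containers(inspect_json):
    """Return (container name, finding) pairs for escape-prone settings."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", c.get("Id"))
        hc = c.get("HostConfig", {})
        if hc.get("Privileged"):
            findings.append((name, "privileged container"))
        if hc.get("PidMode") == "host":
            findings.append((name, "shares host PID namespace"))
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue
            src = m.get("Source", "")
            if is_sensitive_source(src):
                mode = "rw" if m.get("RW", True) else "ro"
                findings.append((name, f"bind mount of host {src} at "
                                       f"{m.get('Destination')} ({mode})"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_containers(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a live host the input would come from `docker inspect $(docker ps -q)`; read-only mounts still warrant a look, since a read of the host's `/etc/shadow` or `/root/.ssh` is useful to an attacker even without write access.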
Over the July 4th holiday weekend Expel’s SOC spotted a coin-mining attack in a customer’s Amazon Web Services (AWS) environment. The attacker compromised the root IAM user access key and used it...
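Use of a long-term access key belonging to the root user, as described in this summary, is something CloudTrail records directly and a SOC can alert on. The following is an added example, not code from Expel's write-up: it scans CloudTrail records for API calls made by the `Root` identity with a long-term (`AKIA...`) access key and summarises where they came from and what they did. The records, account ID, key IDs and IP addresses below are constructed for the example.

```python
import json

# Constructed CloudTrail records (made up for this example, not real logs).
# The first two are API calls made with a long-term root access key; the third
# is an ordinary IAM user; the fourth is a root console login, which carries no
# access key and is not what this detector is looking for.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2020-07-04T03:12:09Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "accessKeyId": "AKIAEXAMPLEROOTKEY00"}},
    {"eventTime": "2020-07-04T03:15:41Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "accessKeyId": "AKIAEXAMPLEROOTKEY00"}},
    {"eventTime": "2020-07-04T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "deploy",
                      "accessKeyId": "AKIAEXAMPLEUSERKEY00"}},
    {"eventTime": "2020-07-04T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
]})


def parse_cloudtrail(text):
    """Accept a CloudTrail log file body ({"Records": [...]}) or a bare list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


def root_key_events(records):
    """Events where the root identity acted using a long-term access key.

    Long-term keys start with AKIA; temporary credentials (e.g. from a console
    session) start with ASIA, so requiring the AKIA prefix isolates the case
    where a persistent root key exists and is in use.
    """
    hits = []
    for ev in records:
        ident = ev.get("userIdentity", {})
        if ident.get("type") != "Root":
            continue
        if ident.get("accessKeyId", "").startswith("AKIA"):
            hits.append(ev)
    return hits


def summarize_root_key_use(records):
    """Compact triage view: how many calls, from which IPs, doing what."""
    hits = root_key_events(records)
    return {
        "count": len(hits),
        "access_keys": sorted({e["userIdentity"]["accessKeyId"] for e in hits}),
        "source_ips": sorted({e["sourceIPAddress"] for e in hits}),
        "actions": sorted({f'{e["eventSource"]}:{e["eventName"]}' for e in hits}),
        "first_seen": min((e["eventTime"] for e in hits), default=None),
    }


if __name__ == "__main__":
    print(json.dumps(summarize_root_key_use(parse_cloudtrail(SAMPLE_TRAIL)), indent=2))
```

Any non-zero count is worth an alert: the root user should have no access keys at all, which `aws iam get-account-summary` reports under `AccountAccessKeysPresent`, so a key appearing in the trail means either a control gap or a compromise.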
Happy Birthday! Today we mark the fourth anniversary of the NoMoreRansom initiative with over 4.2 million visitors from 188 countries... (from the post "Six Hundred Million Reasons to Celebrate: No...")
Recently I had the need to explore coverage guided fuzzing in Go. Whilst there is a bit of information scattered around on multiple different sites, as someone who is fairly new to Go, I couldn’t...
Background: In the first part we talked about the basics of Qiling; you can find it here.
On 2020-07-25, a campaign was reported involving Meow. It gained initial access through a software misconfiguration, used FTP access and abuse of misconfigured databases, and targeted MongoDB, Elasticsearch, Apache...
What are bad bots? A bot (also called an internet bot, web bot or www bot, among other similar terms) is a program designed to perform relatively... (from the post "How to Prevent...")
tl;dr: In this writeup I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to run arbitrary executables. During a recent assessment I found a new way to...
Windows Subsystem for Linux Plan 9 Protocol Research. Overview: This is the final blog in the McAfee research series trilogy... (from the post "Hunting for Blues – the WSL Plan 9 Protocol BSOD")
The NCSC report highlights the cyber threats faced by the sports sector and suggests how to stop or lessen their impact on organisations.
The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition”... (from the post "McAfee COVID-19 Report Reveals Pandemic Threat...")
After the SigRed (CVE-2020-1350) write-up was published by Check Point, there was enough detailed information for the smart people, like Hector and others of the Twitterverse (careful with the...
When conducting a red team exercise, we want to blend in as much as possible with the existing systems on the target network. For most large networks, that means looking like a Windows machine...
Welcome back to part 2.2 of this series! If you have not yet checked out part 1 or part 2.1, please do so first as they highlight important reconnaissance steps as well as the first half of the...
QBot is a modular information stealer also known as Qakbot or Pinkslipbot. It has been active since 2007. It has historically been known as a banking Trojan, meaning that it steals...
A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.
Welcome back to part 2 of this series! If you have not checked out part 1 yet, please do so first, as it highlights important reconnaissance steps! So let us dive right into the IDA adventure to...
I recently tested an Internet-facing anti-spam product called SpamTitan Gateway. As you could infer from the name of the product, this platform's purpose was to detect spam and/or other malicious...
Recently, we came across some firmware samples from D-Link routers that we were unable to unpack properly. Luckily, we got our hands on an older, cheaper but similar device (DIR882) that we could...
Intro: For the longest time I had the idea to implement a notification system that would alert me if someone ever logged in (or tried to log in) to an SSH server or X session on a machine I...
Note: This is a re-upload of an old write-up. This is another write-up from an interesting little challenge. The original forum post about it can be found here. To get your hands on the challenge...
Note: Re-write/re-upload due to dead links. This write-up is my thoughts and steps to statically analyze a given unknown binary. I want to understand the binary to a point where I can freely write...
Note: Re-upload due to dead links :) Yo! Life kept me more than busy, but now I've got a little more time on my hands. I decided to do a write up on the following binary, because it taught me some...
In part 1 of this series, we set up the NanoPi R1S as a USB attack tool, covering OS installation, installation of P4wnP1, and even keylogging a “passed through” keyboard. In this part, I am going...
Introduction: I was recently on a mobile assessment where you could only register one profile on the app per device. To use another account you had to first deactivate the profile and then register a new one....
While working on DoubleAgent as part of the Introduction To Red Teaming course we’re developing for RingZer0, I had a look at Anti-Malware Scan Interface (AMSI) bypasses. One of the objectives I...