Analysis of a trojanized jQuery script: GootLoader unleashed

Update 24/10/202: We have noticed 2 changes since we published this report 3 months ago. The code has been adapted to use registry key “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Personalization” instead of “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Phone” (sample SHA256 ed2f654b5c5e8c05c27457876f3855e51d89c5f946c8aefecca7f110a6276a6e) When the payload is Cobalt Strike, the beacon configuration now contains hostnames for the C2, like r1dark[.]ssndob[.]cn[.]com and r2dark[.]ssndob[.]cn[.]com (all prior CS samples we … Continue reading Analysis of a trojanized jQuery script: GootLoader unleashed

New year, new vulnerabilities: Spectre & Meltdown

Two new vulnerabilities “Spectre” and “Meltdown” were recently discovered, affecting millions of systems worldwide. Please find our security advisory below.                                                        Summary Spectre and Meltdown are hardware vulnerabilities in … Continue reading New year, new vulnerabilities: Spectre & Meltdown

A practical guide to RFID badge copying

During red teaming assignments we are sporadically asked to attempt to gain access to certain physical “flags”. These flags could be the inside of a server room, or the workstation of a member of the management team. Aside from these red teaming assignments, in most organisations, access badges are often the single factor of security … Continue reading A practical guide to RFID badge copying