Hunting Emotet campaigns with Kusto

Introduction Emotet doesn't need an introduction anymore - it is one of the more prolific cybercriminal gangs and has been around for many years. In January 2021, a disruption effort took place via Europol and other law enforcement authorities to take Emotet down for good. [1] Indeed, there was a significant decrease in Emotet malicious … Continue reading Hunting Emotet campaigns with Kusto

Detecting DCSync and DCShadow Network Traffic

This blog post on detecting Mimikatz' DCSync and DCShadow network traffic, accompanies SANS webinar "Detecting DCSync and DCShadow Network Traffic". Intro Mimikatz provides two commands to interact with a Windows Domain Controller and extract or alter data from the Active Directory database. These two commands are dcsync and dcshadow. The dcsync command can be used, … Continue reading Detecting DCSync and DCShadow Network Traffic

OpenSSH User Enumeration Vulnerability: a Close Look

Intro An OpenSSH user enumeration vulnerability (CVE-2018-15473) became public via a GitHub commit. This vulnerability does not produce a list of valid usernames, but it does allow guessing of usernames. In this blog post, we take a closer look at this vulnerability and propose mitigation and monitoring actions. Technical details This vulnerability manifests itself in … Continue reading OpenSSH User Enumeration Vulnerability: a Close Look

Shortcomings of blacklisting in Adobe Reader and what you can do about it

A variation of a class of malicious PDFs appeared in the wild. In this blog post, we will show you how to protect your systems and how to analyze these PDFs. The PDFs embed a file type with extension .SettingContent-ms that can be used on Windows 10 to execute arbitrary code. We have observed on … Continue reading Shortcomings of blacklisting in Adobe Reader and what you can do about it

Windows Credential Guard & Mimikatz

Here at NVISO, we are proud to have contributed to the new SANS course “SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses”. This six-day training focuses on implementing effective security controls to prevent, detect and respond to cyber attacks. One of the defenses covered in SEC599 is Credential Guard. Obtaining and using credentials and … Continue reading Windows Credential Guard & Mimikatz

Mitigation strategies against cyber threats

So it's been a good 2 months since we have been in business! We thought we’d to take some time to reflect on these two months, in which we've seen quite some interesting security news including the well-known Mandiant report on APT1 and the widespread Java chaos. Last week, ENISA published a "Flash Note" on Cyber … Continue reading Mitigation strategies against cyber threats