Sextortion Scam With Leaked Passwords Succeeds

Following the forum post on sextortion emails being spammed to innocent victims, we were curious to see if this scam would indeed be successful. We have observed similar scam campaigns before, but now the scammers seem to include the victim's password as well, creating a sense of legitimacy. During our analysis we observed 3 payments to the … Continue reading Sextortion Scam With Leaked Passwords Succeeds

Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF

In May 2018, when ESET published a blog post covering PDFs with 2 zero days, our interest was immediately piqued. Promptly after our analysis of these PDFs, we sent out an early warning to our customers. Now that Microsoft published a blog post with the detailed analysis of the zero days, we find it appropriate … Continue reading Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF

Painless Cuckoo Sandbox Installation

TLDR: As part of our SANS SEC599 development efforts, we updated (fixed + added some new features) an existing Cuckoo Auto Install script by Buguroo Security to automate Cuckoo sandbox installation (& VM import). Download it from our Github here. Intro As a blue team member, you often have a need to analyze a piece … Continue reading Painless Cuckoo Sandbox Installation

Creating custom YARA rules

In a previous post, we created YARA rules to detect compromised CCleaner executables (YARA rules to detect compromised CCleaner executables). We will use this example as an opportunity to illustrate how the creation of these custom YARA rules was performed. In its blog post, Talos shared 3 hashes as Indicators Of Compromise (IOCs): 1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff 6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9 … Continue reading Creating custom YARA rules

Windows Credential Guard & Mimikatz

Here at NVISO, we are proud to have contributed to the new SANS course "SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses". This six-day training focuses on implementing effective security controls to prevent, detect and respond to cyber attacks. One of the defenses covered in SEC599 is Credential Guard. Obtaining and using credentials and … Continue reading Windows Credential Guard & Mimikatz

New year, new vulnerabilities: Spectre & Meltdown

Two new vulnerabilities "Spectre" and "Meltdown" were recently discovered, affecting millions of systems worldwide. Please find our security advisory below. Summary Spectre and Meltdown are hardware vulnerabilities in … Continue reading New year, new vulnerabilities: Spectre & Meltdown

KRACKing WPA2

A new vulnerability in the WPA2 protocol was discovered by Mathy Vanhoef (researcher at KU Leuven) and published yesterday. The vulnerability - dubbed "KRACK" - enables an attacker to intercept WPA2 encrypted network traffic between a client device (e.g. mobile or laptop) and a router. Depending on the network configuration it is even possible for an attacker to alter or … Continue reading KRACKing WPA2

Who is watching your home surveillance systems?

This morning, I heard on the radio that dozens of Belgian families were being watched through their own home surveillance system in Belgium. Nothing new here, as we have known for years that sites exist through which you can watch camera footage of unknowing victims, and this problem is not just limited to Belgium of … Continue reading Who is watching your home surveillance systems?