Here at NVISO, we are proud to have contributed to the new SANS course “SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses”. This six-day training focuses on implementing effective security controls to prevent, detect and respond to cyber attacks. One of the defenses covered in SEC599 is Credential Guard. Obtaining and using credentials and … Continue reading Windows Credential Guard & Mimikatz
Category: Cyber Threats
New year, new vulnerabilities: Spectre & Meltdown
Two new vulnerabilities “Spectre” and “Meltdown” were recently discovered, affecting millions of systems worldwide. Please find our security advisory below. Summary Spectre and Meltdown are hardware vulnerabilities in … Continue reading New year, new vulnerabilities: Spectre & Meltdown
Hack Our Train
This year, in an effort to raise awareness about IoT security, we launched the Hack Our Train challenge. For over three weeks, a model train tirelessly chugged on its tracks inside our IoT village at Co.Station Brussels and then once more for two days at BruCON 2017. We provided it with an emergency brake system … Continue reading Hack Our Train
KRACKing WPA2
A new vulnerability in the WPA2 protocol was discovered by Mathy Vanhoef (researcher at KU Leuven) and published yesterday. The vulnerability - dubbed "KRACK" - enables an attacker to intercept WPA2 encrypted network traffic between a client device (e.g. mobile or laptop) and a router. Depending on the network configuration it is even possible for an attacker to alter or … Continue reading KRACKing WPA2
YARA rules for CCleaner 5.33
First reported by Talos and Morphisec, the compromise of CCleaner version 5.33 is still making news. At NVISO Labs, we created YARA detection rules as soon as the news broke, and distributed these rules to our clients subscribed to our NVISO Security Advisories. In a later blog post, we will explain in detail how to … Continue reading YARA rules for CCleaner 5.33
Who is watching your home surveillance systems?
This morning, I heard on the radio that dozens of Belgian families were being watched through their own home surveillance system in Belgium. Nothing new here, as we already know for years that sites exist through which you can watch camera footage of unknowing victims, and this problem is not just limited to Belgium of … Continue reading Who is watching your home surveillance systems?