IntroductionPurpose of the blogpostWhat is Labshock?What Will We Do?Setting Up the Virtual Oil PlantCreate Your EnvironmentInstall LabshockDockerDownload & build LabshockStarting LabshockConducting the HackStep 1: ReconnaissanceStep 2: Explore the PLC & SCADAStep 3: Find the correct IPStep 4: Interact with Modbus (Read Data)ModbusCoils & RegistersPump 1 & 2Step 5: Hack the Pumps (Write Data)Hack the pump … Continue reading Refinery raid
Or, "Yet another ransomware blog post?" "Yet another ransomware blog post?" I hear you asking. Well, yes! Besides, Ransomware attacks have been on the rise again costing affected organizations and industries more than ever. Let's dive into some numbers to set the stage: According to IBM andย Ponemon institute, in 2024, the average cost of a … Continue reading Building Cyber Resilience Against Ransomware Attacks
Many enterprise laptops use BitLocker to provide full disk encryption (FDE) to protect sensitive data from exposure if the laptop were stolen. But how adequate is the default implementation of BitLocker to protect data at rest in this scenario? The security of all encryption relies on protection of the key material. A common assumption is … Continue reading Wake up and Smell the BitLocker Keys
In the previous post, we introduced the concept of Third-Party Risk Management (TPRM) and its importance in todayโs interconnected world. Now, let us have a look at the practical aspects of building a solid TPRM program and why it is important for your company. 1. Start with a Third-Party Inventory The first step in building … Continue reading The Importance of Establishing a Solid Third Party Risk Management Framework for Risk Mitigation
In todayโs world, organizations are increasingly depending on their third-party vendors, suppliers, and partners to support their operations. This way of working, in addition to the digitalization era weโre in, can have great advantages such as being able to offer new services quickly while relying on otherโs expertise or cutting costs on already existing processes. … Continue reading Introduction to Third-Party Risk Management
What is this blog post about? This blog post is about why incident responder artifacts not only play a role on the defensive but also offensive side of cyber security. We are gonna look at some of the usually collected evidences and how they can be valuable to us as red team operators. We will … Continue reading From Evidence to Advantage: Leveraging Incident Response Artifacts for Red Team Engagements
