RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall

Welcome, readers, to the first installment of our blog series "Preventing Exploitation and Abuse with the RPC Firewall".In this post, we'll delve into how to create rules for the RPC firewall and how to deploy them onto our servers.In the year 2024, we'll release the second part of this series, where we'll explore detection possibilities … Continue reading RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall →

Introducing CS2BR pt. III – Knees deep in Binary

Introduction Over the span of the previous two blog posts in the series, I showed why the majority of Cobalt Strike (CS) BOFs are incompatible with Brute Ratel C4 (BRC4) and what you can do about it. I also presented CS2BR itself: it's a tool that makes patching BOFs to be compatible with BRC4 a … Continue reading Introducing CS2BR pt. III – Knees deep in Binary →

Most common Active Directory misconfigurations and default settings that put your organization at risk

Introduction In this blog post, we will go over the most recurring (and critical) findings that we discovered when auditing the Active Directory environment of different companies, explain why these configurations can be dangerous, how they can be abused by attackers and how they can be mitigated or remediated. First, let’s start with a small … Continue reading Most common Active Directory misconfigurations and default settings that put your organization at risk →

A Beginner’s Guide to Adversary Emulation with Caldera

Target Audience The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and looking to expand their knowledge on adversary emulation. This post delves into the details of adversary emulation with the Caldera framework exploring the benefits it offers. By catering to a beginner to intermediate … Continue reading A Beginner’s Guide to Adversary Emulation with Caldera →

Unlocking the power of Red Teaming: An overview of trainings and certifications

NVISO enjoys an excellent working relationship with SANS and has been involved as Instructors and Course Authors for a variety of their courses: For SEC511, Continuous Monitoring and Security Operations, Maxim Deweerdt is a Certified Instructor For SEC575, iOS and Android Application Security Analysis and Penetration Testing, Jeroen Beckers is the Course Author For SEC598, … Continue reading Unlocking the power of Red Teaming: An overview of trainings and certifications →

Introducing CS2BR pt. II – One tool to port them all

Introduction In the previous post of this series we showed why Brute Ratel C4 (BRC4) isn't able to execute most BOFs that use the de-facto BOF API standard by Cobalt Strike (CS): BRC4 implements their own BOF API which isn't compatible with the CS BOF API. Then we also outlined an approach to solve this … Continue reading Introducing CS2BR pt. II – One tool to port them all →