Writing an Acceptable Use Policy sounds simple. Until you get started. We’ve all heard about users being the weakest link and the source of all cyber evil. I can understand the frustration of some of my cyber colleagues, but we’ve designed complex technology and expect them to use it perfectly – are we being reasonable? […]
Category Archives: Uncategorized
Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!
Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what you can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, these generate queries then need to be integrated by […]
Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB
Introduction Earlier this week, we released logalert.py, a simple python tool that can be used to pipe standard output to email for the purpose of alerting. In this blog post we want to give a concrete example of how logalert.py can be used to get simple & reliable email notifications about suspicious firewall connections, based on […]
Releasing logalert.py – Smart piping of command output to email for alerting
Introduction Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe. The tool was developed for cases where you want a simple and robust […]
Video: Attack Surface Reduction (ASR) Bypass using VBA
Introduction Attack surface reduction rules in Windows target software behaviors that are often abused by attackers. In this blog post & video, we want to demonstrate a way of bypassing one of these rules from within VBA. Bypass Parent process selection can be done from VBA. There is an Attack Surface Reduction rule to block […]
To Zoom or Not to Zoom
During these COVID-19 times, personal interaction with colleagues and customers is no longer straightforward. Lots of companies are therefore looking into video conferencing solutions. One of the most popular out there, Zoom, recently hit the news with multiple security and privacy issues. Although this definitely needed to be fixed by Zoom (a first update addressing […]
Working from home: tell staff about phishing & data leakage [template e-mails included]
Source: gcn.com It comes as no surprize to us, as security professionals, that hackers have been exploiting the COVID-19 situation in a series of Corona-themed scams – take this recent message from Interpol, for example. With the progressive (or not) implementation of lock down-like restrictions across the world, companies are turning to remote working to […]
IoT hacking field notes #1: Intro to glitching attacks
TL;DR: First in a new series of short, IoT-related posts, this tells the story of a simple glitching attack we used to get a bootloader shell and ultimately root a device. IoT field notes is a new series of short stories about interesting (hopefully 🙂 ) observations, vulnerabilities and techniques, inspired directly from the IoT […]
My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.
Ranked #1 on HackTheBox Belgium Not so long ago, I achieved a milestone in my penetration testing career.: reaching rank 1 on HackTheBox. For those of you that don’t know what Hack The Box (HTB) is: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and […]
The return of the spoof part 2: Command line spoofing
A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I’ll talk about another deception […]
