Securing IACS based on ISA/IEC 62443 – Part 1: The Big Picture

For many years, industrial automation and control systems (IACS) relied on the fact that they were usually isolated in physically secured areas, running on proprietary hardware and software. When open technologies, standard operating systems and protocols started pushing their way into IACS replacing proprietary solutions, the former “security through obscurity” approach did no longer work. …

Cyber Security Contests – A look behind the scenes about how to expand the community

Cyber security has long since become a strategic priority for organizations across the globe and in all sectors. Therefore, training and hiring young potential in information security has become a crucial goal.   To raise awareness of cyber security threats and help train a generation of security aware security experts, we at NVISO organize Capture the Flag (CTF) Cyber Security Events in two countries, Belgium and Germany and reach a broad audience.   Each …

Smart Home Devices: assets or liabilities? – Part 2: Privacy

TL;DR – Part two of this trilogy of blog posts will tackle the next big topic when it comes to smart home devices: privacy. Are these devices doubling as the ultimate data collection tool, and are we unwittingly providing the manufacturers with all of our private data? Find out in this blog post! This blog …

Proxying Android app traffic – Common issues / checklist

During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you and simply intercept and …

Smart Home Devices: assets or liabilities? – Part 1: Security

This blog post is part of a series, keep an eye out for the following parts! TL;DR – Smart home devices are everywhere, so I tested the base security measures implemented on fifteen devices on the European market. In this blog post, I share my experience throughout these assessments and my conclusions on the overall …

Backdooring Android Apps for Dummies

TL;DR – In this post, we’ll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you. Introduction We all know the classic ideas about security on …

EDR: an overview of visibility improvements and economic benefits

Endpoint Detection and Response (EDR) is one of the most talked about cybersecurity topics in the last few years; it is on the agenda of most security officers as one of the first improvements to embrace in their organization, if not yet done. Why, though? What has made EDR the number one must-have security solution? …

Testing Ripple20: A closer look and proof of concept script for CVE-2020-11898

TL;DR: We use a proof of concept script to attack a Digi Connect ME 9210 device affected by CVE-2020-11898, part of the newly-released Ripple20 series of vulnerabilities. Ripple20 In June 2020, JSOF released information about a series of 19 vulnerabilities dubbed “Ripple20”. Ripple20 affects the popular Treck network stack, which is used by many connected …

Using Word2Vec to spot anomalies while Threat Hunting using ee-outliers

Introduction In this blog post, we want to introduce the user to the concept of using Machine Learning techniques designed to originally spot anomalies in written (English) sentences, and instead apply them to support the Threat Analyst in spotting anomalies in security events. The basic idea behind this is that we try to identify sentences …

Why Crisis management exercises (still) work

Do you know that feeling, when you think you did a great job, and suddenly you look at it with a new perspective and only then you realize in terror that it was not at all as good as you thought? I do. One of the things our Cyberculture team does is War Games. Crisis …