Using Word2Vec to spot anomalies while Threat Hunting using ee-outliers

Introduction In this blog post, we want to introduce the user to the concept of using Machine Learning techniques designed to originally spot anomalies in written (English) sentences, and instead apply them to support the Threat Analyst in spotting anomalies in security events. The basic idea behind this is that we try to identify sentences … Continue reading Using Word2Vec to spot anomalies while Threat Hunting using ee-outliers

Introducing IOXY: an open-source MQTT intercepting proxy

TL;DR: IOXY is an open source MQTT intercepting proxy, developed by NVISO for our IoT pentest needs, and now available on GitHub. Features include a GUI, live packet interception and modification and MQTTS support. The need for IOXY In the web and mobile application worlds, intercepting proxies like Burp and OWASP ZAP occupy a central … Continue reading Introducing IOXY: an open-source MQTT intercepting proxy

IoT hacking field notes #2: Using bind mounts to temporarily modify read-only files

TL;DR: The second of our short, IoT-related posts shares a simple trick we use in IoT pentests to temporarily change the contents of read-only files in Linux-based devices. Very useful when trying to proxy network traffic or temporary change the behavior of a device! IoT field notes is a series of short stories about interesting … Continue reading IoT hacking field notes #2: Using bind mounts to temporarily modify read-only files

Burp, OAuth2.0 and tons of coding: a testimony of my internship in the penetration testing team at NVISO!

Hi my name is Turpal and I did my internship at NVISO starting on the 24th of February until the 29th of May 2020. In this blog post, I want to provide a bit more details about what exactly I did during this time, and what my experience felt like! The internship was part of … Continue reading Burp, OAuth2.0 and tons of coding: a testimony of my internship in the penetration testing team at NVISO!

Intercepting Flutter traffic on iOS

My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7. This blogpost does the same for iOS. Testing apps The beauty of a cross-platform application is of course that I can use my previous Android test app for iOS so it has the same functionality. … Continue reading Intercepting Flutter traffic on iOS

Reviewing an ISO 27001 certificate: a checklist

The ISO 27001 Certification silver bullet An ISO 27001 certification is often used by a supplier to assure its customers they take information security seriously. This doesn’t mean that they will not suffer any security breaches but maintaining a well-designed ISMS will decrease the likelihood from happening. And that’s why many organizations rely on an … Continue reading Reviewing an ISO 27001 certificate: a checklist

Three tips for a better IT Acceptable Use Policy

Writing an Acceptable Use Policy sounds simple. Until you get started. We’ve all heard about users being the weakest link and the source of all cyber evil. I can understand the frustration of some of my cyber colleagues, but we’ve designed complex technology and expect them to use it perfectly – are we being reasonable? … Continue reading Three tips for a better IT Acceptable Use Policy

Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!

Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what you can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, these generate queries then need to be integrated by … Continue reading Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!

Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB

Introduction Earlier this week, we released logalert.py, a simple python tool that can be used to pipe standard output to email for the purpose of alerting. In this blog post we want to give a concrete example of how logalert.py can be used to get simple & reliable email notifications about suspicious firewall connections, based on … Continue reading Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB