Releasing logalert.py – Smart piping of command output to email for alerting

Introduction Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe. The tool was developed for cases where you want a simple and robust […]

Video: Attack Surface Reduction (ASR) Bypass using VBA

Introduction Attack surface reduction rules in Windows target software behaviors that are often abused by attackers. In this blog post & video, we want to demonstrate a way of bypassing one of these rules from within VBA. Bypass Parent process selection can be done from VBA. There is an Attack Surface Reduction rule to block […]

To Zoom or Not to Zoom

During these COVID-19 times, personal interaction with colleagues and customers is no longer straightforward. Lots of companies are therefore looking into video conferencing solutions. One of the most popular out there, Zoom, recently hit the news with multiple security and privacy issues. Although this definitely needed to be fixed by Zoom (a first update addressing […]

Working from home: tell staff about phishing & data leakage [template e-mails included]

Source: gcn.com It comes as no surprize to us, as security professionals, that hackers have been exploiting the COVID-19 situation in a series of Corona-themed scams – take this recent message from Interpol, for example. With the progressive (or not) implementation of lock down-like restrictions across the world, companies are turning to remote working to […]

IoT hacking field notes #1: Intro to glitching attacks

TL;DR: First in a new series of short, IoT-related posts, this tells the story of a simple glitching attack we used to get a bootloader shell and ultimately root a device. IoT field notes is a new series of short stories about interesting (hopefully 🙂 ) observations, vulnerabilities and techniques, inspired directly from the IoT […]

My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.

Ranked #1 on HackTheBox Belgium Not so long ago, I achieved a milestone in my penetration testing career.: reaching rank 1 on HackTheBox. For those of you that don’t know what Hack The Box (HTB) is: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and […]

The return of the spoof part 2: Command line spoofing

A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I’ll talk about another deception […]

The return of the spoof part 1: Parent process ID spoofing

Years ago (as early as 2009), my colleague Didier Stevens wrote a blog post about parent process ID spoofing. Back then, most companies were not as secure as they are now, therefore, most attackers got away with ‘basic’ exploitation, not having the need to do much obfuscation or deception. Thankfully, the security posture of the […]

Here phishy phishy : How to recognize phishing

Here phishy phishy… – source: Combell According to our latest research, which can be seen in this video , an astonishing 32% of employees click on phishing URL’s, and 1 in 5 emails can be considered as malicious. But what makes a phishing attack successful? Are we really that naive to let ourselves become phishing […]