To Zoom or Not to Zoom

During these COVID-19 times, personal interaction with colleagues and customers is no longer straightforward. Lots of companies are therefore looking into video conferencing solutions. One of the most popular out there, Zoom, recently hit the news with multiple security and privacy issues. Although this definitely needed to be fixed by Zoom (a first update addressing …

Working from home: tell staff about phishing & data leakage [template e-mails included]

Source: gcn.com It comes as no surprize to us, as security professionals, that hackers have been exploiting the COVID-19 situation in a series of Corona-themed scams – take this recent message from Interpol, for example. With the progressive (or not) implementation of lock down-like restrictions across the world, companies are turning to remote working to …

IoT hacking field notes #1: Intro to glitching attacks

TL;DR: First in a new series of short, IoT-related posts, this tells the story of a simple glitching attack we used to get a bootloader shell and ultimately root a device. IoT field notes is a new series of short stories about interesting (hopefully 🙂 ) observations, vulnerabilities and techniques, inspired directly from the IoT …

My journey reaching #1 on Hack The Box Belgium – 10 tips, tricks and lessons learned.

Ranked #1 on HackTheBox Belgium Not so long ago, I achieved a milestone in my penetration testing career.: reaching rank 1 on HackTheBox. For those of you that don’t know what Hack The Box (HTB) is: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and …

The return of the spoof part 2: Command line spoofing

A few days ago I wrote a blog post about the evolving landscape of threat detection and how attackers need to adapt their techniques. In the previous post, I talked about one of the deception techniques that attackers are now using, called parent process ID spoofing. In this blog post, I’ll talk about another deception …

The return of the spoof part 1: Parent process ID spoofing

Years ago (as early as 2009), my colleague Didier Stevens wrote a blog post about parent process ID spoofing. Back then, most companies were not as secure as they are now, therefore, most attackers got away with ‘basic’ exploitation, not having the need to do much obfuscation or deception. Thankfully, the security posture of the …

Creating Responders in The Hive

The Hive is an  open source Security Incident Response Platform (SIRP) that has gained quite some popularity over the last few years. One of the many reasons is the link with Cortex and its Analyzers and Responders. Analysts can automate the response to existing cases by initiating one or more Responders. This blog will show …

Here phishy phishy : How to recognize phishing

Here phishy phishy… – source: Combell According to our latest research, which can be seen in this video , an astonishing 32% of employees click on phishing URL’s, and 1 in 5 emails can be considered as malicious. But what makes a phishing attack successful? Are we really that naive to let ourselves become phishing …

3 techniques to defend your Machine Learning models against Adversarial attacks

Following our accounts of what adversarial machine learning means and how it works, we close this series of posts by describing what you can do to defend your machine learning models against attackers. There are different approaches to solve this issue, and we discuss them in order of least to most effective: target concealment, data …

This is not a hot dog: an intuitive view on attacking machine learning models

In a previous post we introduced the field of adversarial machine learning and what it could mean for bringing AI systems into the real world. Now, we’ll dig a little deeper into the concept of adversarial examples and how they work.For the purpose of illustrating adversarial examples, we’ll talk about them in the context of …