Keep on running ahead: NVISO’s Training Program

When you work for NVISO, we invest heavily in your personal development: to ensure you reach your full potential as a top class cyber security specialist.

Kernel Karnage – Part 2 (Back to Basics)

This week I try to figure out “what makes a driver a driver?” and experiment with writing my own kernel hooks. 1. Windows Kernel Programming 101 In the first part of this internship blog series, we took a look at how EDRs interact with User and Kernel space, and explored a frequently used feature called … Continue reading Kernel Karnage – Part 2 (Back to Basics) →

Automate, automate, automate: Three Ways to Increase the Value from Third Party Risk Management Efforts

Third Party Risk Management (“TPRM”) efforts are often considered labour-intensive, with numerous tedious, manual steps. Often, an equal amount of effort is put into managing the process as is to focusing on risks. In order to avoid this, we’d like to share three ways in which we’ve been boosting our own TPRM efficiency - through … Continue reading Automate, automate, automate: Three Ways to Increase the Value from Third Party Risk Management Efforts →

Navigating the impact of Wi-Fi FragAttacks: users, developers and asset owners

Wi-Fi devices are affected by a series of new attacks on the Wi-Fi protocol, known as FragAttacks and released in May 2021. These attacks have complex requirements and impacts. We attempt to shed some light on those and provide some guidance for users, developers and asset owners (integrators or IT staff).

New mobile malware family now also targets Belgian financial apps

While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today... Earlier this week, the Italy-based Cleafy published an article about a new android malware family which they dubbed TeaBot. The sample we will take a look … Continue reading New mobile malware family now also targets Belgian financial apps →

Securing IACS based on ISA/IEC 62443 – Part 1: The Big Picture

For many years, industrial automation and control systems (IACS) relied on the fact that they were usually isolated in physically secured areas, running on proprietary hardware and software. When open technologies, standard operating systems and protocols started pushing their way into IACS replacing proprietary solutions, the former “security through obscurity” approach did no longer work. … Continue reading Securing IACS based on ISA/IEC 62443 – Part 1: The Big Picture →