Capture The Flag (CTF) competitions are an entertaining way to practice and/or improve your skills. NVISO staff regularly participates in CTF competitions, in particular when the competition focuses on IT security. We produced a video with step-by-step analysis of a CTF executable containing a buffer overflow. This executable is running on a server, and by …
Continue reading “Solving a CTF challenge: Exploiting a Buffer Overflow (video)”
Three challenges to making passwords user-friendly Following the interview of Bill Burr, author of NISTâs 2003 paper on Electronic Authentication, in which he announced that he regrets much of what he wrote, we stop and think. Why was the standard putting users at risk? Paraphrasing History: âTout pour le peuple; rien par le peupleâ. Perfectly …
In the blog post .LNK downloader and bitsadmin.exe in malicious Office document we were asked the following question by Harlan Carvey: Did you parse the LNK file for things such as embedded MAC address, NetBIOS system name, any SID, and volume serial number? We did not do that at the time, however we see the value in …
Continue reading “Tracking threat actors through .LNK files”
We produced 2 videos for our blog post Analyzing an Office Maldoc with a VBA Emulator. The first video shows ViperMonkey in action: https://www.youtube.com/watch?v=jAUg2nrt4Fw The second video shows how to extract the EXE: https://www.youtube.com/watch?v=n5oRMmSdCr8
