Become Big Brother with Microsoft Purview

With the never-ending amount of data we generate, process, and share within and between companies, and the value this information can hold – such as personal data, top secret documents, or even information related to national security – it is natural that one of the main interests in cybersecurity is data security. Let it …

Top things that you might not be doing (yet) in Entra Conditional Access


In this blog post, I focus on the top things that you might not be doing (yet) in Entra Conditional Access. It is not an exhaustive list, but it is based on my experience assessing many different Entra ID, formerly Azure AD, environments as a consultant at NVISO Security. The following points are, in …

Is the Google search bar enough to hack Belgian companies?

In this blog post, we will go over a technique called Google Dorking and demonstrate how it can be utilized to uncover severe security vulnerabilities in web applications hosted right here in Belgium, where NVISO was founded. The inspiration for this security research arose from the observation that many large organizations have fallen victim to …

Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating

In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques which are discussed in this writeup. This is mostly a beginner guide which explains step-by-step how you …

Scaling your threat hunting operations with CrowdStrike and PSFalcon

Most modern day EDRs have some sort of feature which allows blue teamers to remotely connect to hosts with an EDR agent/sensor installed, to aid in their investigation of incidents. In CrowdStrike, this is called Real Time Response, and it provides a wide range of capabilities, from executing built-in commands like ipconfig and netstat …