A practical guide to RFID badge copying

During red teaming assignments we are sporadically asked to attempt to gain access to certain physical “flags”. These flags could be the inside of a server room, or the workstation of a member of the management team. Aside from these red teaming assignments, in most organisations, access badges are often the single factor of security [...]

A 30-minute sweep of Industrial Control Systems in Belgium

TLDR; We found several ICS systems in Belgium that were exposed to the internet without requiring any authentication. Screenshots below. Update 19/12: We've also had some coverage in the media about this research. 'De Standaard' did an article about it and so did 'Datanews' (in Dutch and in French). Industrial Control Systems (ICS) is the [...]

Analyzing an Office Maldoc with a VBA Emulator

Today we were informed of another maldoc sample. After a quick look, we were convinced that this sample would be a good candidate for Philippe Lagadec's VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for [...]


I was handed an interesting PDF document. It doesn't contain malicious code, yet it generates network traffic. Let me explain how this is achieved. Creating a PDF that makes a HTTP(S) connection to a website is easy. There's no need to use an exploit, not even JavaScript. You just have to use a URI object: [...]