During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you and simply intercept and … Continue reading Proxying Android app traffic – Common issues / checklist
We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other. The TIBER-EU Framework, More Critical Now Than Ever … Continue reading NVISO and QuoIntelligence Announce Strategic Cooperation
The MITRE ATT&CK framework is probably the most well-known framework in terms of adversary emulation and by extent, red teaming.It features numerous TTPs (Tactics, Techniques, and Procedures) and maps them to threat actors. Being familiar with this framework is not only benefiting the red team operations but the blue team operations as well! To create … Continue reading MITRE ATT&CK turned purple – Part 1: Hijack execution flow
In August 2020 Microsoft patched the ZeroLogon vulnerability CVE-2020-1472. In summary, this vulnerability would allow an attacker with a foothold in your network to become a domain admin in a few clicks. The attacker only needs to establish a network connection towards the domain controller. At NVISO we are supporting multiple clients with our MDR … Continue reading Sentinel Query: Detect ZeroLogon (CVE-2020-1472)
This blog post is part of a series, keep an eye out for the following parts! TL;DR - Smart home devices are everywhere, so I tested the base security measures implemented on fifteen devices on the European market. In this blog post, I share my experience throughout these assessments and my conclusions on the overall … Continue reading Smart Home Devices: assets or liabilities? – Part 1: Security
In July 2020, NVISO detected a set of malicious Excel documents, also known as βmaldocsβ, that deliver malware through VBA-activated spreadsheets. While the malicious VBA code and the dropped payloads were something we had seen before, it was the specific way in which the Excel documents themselves were created that caught our attention. The creators … Continue reading Epic Manchego β atypical maldoc delivery brings flurry of infostealers
TL;DR - In this post, we'll explore some mobile malware: how to create them, what they can do, and how to avoid them. Are you interested in learning more about how to protect your phone from shady figures? Then this blog post is for you. Introduction We all know the classic ideas about security on … Continue reading Backdooring Android Apps for Dummies
Recently, for our open-sourced ee-outliers framework, we released a new outlier model capable of detecting the sudden appearance of one or multiple field values of an Elasticsearch event. For example, this model could spot new TLDs that are suddenly being contacted (DNS/SSL) and communicating with C2 domains. It could also detect an executable that suddenly … Continue reading Detecting the sudden appearance of events with ee-outliers and Elasticsearch
Endpoint Detection and Response (EDR) is one of the most talked about cybersecurity topics in the last few years; it is on the agenda of most security officers as one of the first improvements to embrace in their organization, if not yet done. Why, though? What has made EDR the number one must-have security solution? … Continue reading EDR: an overview of visibility improvements and economic benefits
During some redteam engagements, we find ourselves in the need of writing DLL's. However, debugging DLL's is not as easy as it seems, as a DLL isn't built to run on its own.In this article, we will explore how you can debug a DLL effectively. What is a DLL? A DLL is short for a … Continue reading Debugging DLL’s – 3 techniques to help you get started
