Lower email spoofing incidents (and make your marketing team happy) with BIMI

Introduction Over the last couple of years, we saw the amount of phishing attacks skyrocket. According to F5, a multi-cloud security and application provider, there was a 220% increase of incidents during the height of the global pandemic compared to the yearly average. It’s expected that every year there will be an additional increase of … Continue reading Lower email spoofing incidents (and make your marketing team happy) with BIMI →

Can we block the addition of local Microsoft Defender Antivirus exclusions?

Introduction A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, to add exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoint Manager. However, after doing some research … Continue reading Can we block the addition of local Microsoft Defender Antivirus exclusions? →

NVISO EXCELS IN MITRE ATT&CK® MANAGED SERVICES EVALUATION

As one of the only EU-based Cyber Security companies, NVISO successfully participated in a first-of-its-kind, MITRE-led, evaluation of Managed Security Services (MSS). The inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Security Services ran in June 2022 and its results have been published today. NVISO performed excellently in the evaluation, demonstrating services that are at or … Continue reading NVISO EXCELS IN MITRE ATT&CK® MANAGED SERVICES EVALUATION →

Visualizing MISP Threat Intelligence in Power BI – An NVISO TI Tutorial

In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in a interactive and useful way.

Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations

Introduction When a Threat Intelligence Management (TIM) license is present in your Cortex XSOAR environment, the feature to create relationships between indicators is available. This allows you to describe how indicators relate to each other and use this relationship in your automated analysis of a security incident. In the previous blog post in this series, … Continue reading Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations →

Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)

Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those posts were quite popular and I often went back to copy those scripts myself. Last week, however, we received a Flutter application where the script wouldn't work anymore. As we had the source code, it … Continue reading Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning) →

Finding hooks with windbg

In this blogpost we are going to look into hooks, how to find them, and how to restore the original functions.

Analysis of a trojanized jQuery script: GootLoader unleashed

Update 24/10/202: We have noticed 2 changes since we published this report 3 months ago. The code has been adapted to use registry key “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Personalization” instead of “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Phone” (sample SHA256 ed2f654b5c5e8c05c27457876f3855e51d89c5f946c8aefecca7f110a6276a6e) When the payload is Cobalt Strike, the beacon configuration now contains hostnames for the C2, like r1dark[.]ssndob[.]cn[.]com and r2dark[.]ssndob[.]cn[.]com (all prior CS samples we … Continue reading Analysis of a trojanized jQuery script: GootLoader unleashed →

Investigating an engineering workstation – Part 4

Finally, as the last part of the blog series we will have a look at the network traffic observed. We will do this in two sections, the first one will cover a few things useful to know if we are in the situation that Wireshark can dissect the traffic for us. The second section will … Continue reading Investigating an engineering workstation – Part 4 →