The ISO 27001 Certification silver bullet An ISO 27001 certification is often used by a supplier to assure its customers they take information security seriously. This doesnโt mean that they will not suffer any security breaches but maintaining a well-designed ISMS will decrease the likelihood from happening. And thatโs why many organizations rely on an [...]
Tampering with Digitally Signed VBA Projects
TL;DR Macro code in Office documents can be digitally signed, and Office can be configured to restrict macro execution to digitally signed documents. We found a method to alter digitally signed VBA projects to execute our own, arbitrary code under the right conditions, without invalidating the digital signature. When we recommend clients to harden their [...]
A checklist to populate your Acceptable Use Policy
In our previous blogpost, we discussed how to take some of the dust off your Acceptable Use Policy (AUP) or IT security code of conduct, making it a bit more user friendly and educational. Now, we're giving you a sort of checklist of the topics to discuss in a typical AUP, based on the table [...]
Intercepting Flutter traffic on Android x64
In a previous blogpost, I explained my steps for reversing the flutter.so binary to identify the correct offset/pattern to bypass certificate validation. As a very quick summary: Flutter doesn't use the system's proxy settings, and it doesn't use the system's certificate store, so normal approaches don't work. My previous guide only explained how to intercept [...]
Three tips for a better IT Acceptable Use Policy
Writing an Acceptable Use Policy sounds simple. Until you get started. Weโve all heard about users being the weakest link and the source of all cyber evil. I can understand the frustration of some of my cyber colleagues, but weโve designed complex technology and expect them to use it perfectly โ are we being reasonable? [...]
Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!
Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what you can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, these generate queries then need to be integrated by [...]
Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB
Introduction Earlier this week, we released logalert.py, a simple python tool that can be used to pipe standard output to email for the purpose of alerting. In this blog post we want to give a concrete example of how logalert.py can be used to get simple & reliable email notifications about suspicious firewall connections, based on [...]
Releasing logalert.py – Smart piping of command output to email for alerting
Introduction Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe. The tool was developed for cases where you want a simple and robust [...]
Video: Attack Surface Reduction (ASR) Bypass using VBA
Introduction Attack surface reduction rules in Windows target software behaviors that are often abused by attackers. In this blog post & video, we want to demonstrate a way of bypassing one of these rules from within VBA. Bypass Parent process selection can be done from VBA. There is an Attack Surface Reduction rule to block [...]
To Zoom or Not to Zoom
During these COVID-19 times, personal interaction with colleagues and customers is no longer straightforward. Lots of companies are therefore looking into video conferencing solutions. One of the most popular out there, Zoom, recently hit the news with multiple security and privacy issues. Although this definitely needed to be fixed by Zoom (a first update addressing [...]
