Integrating Abuse Case Scenarios to Improve Authorization Testing

Introduction: In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin, normal user, approver, and others. Consequently, testers are often provided with accounts and credentials for various roles during a grey-box assessment. During a penetration test, the focus is often on identifying technical vulnerabilities such as …

The Detection & Response Chronicles: Exploring Telegram Abuse

Adversaries utilizing popular messaging apps throughout different attack phases is nothing new. Telegram, in particular, has constantly been the subject of abuse by multiple threat actors, favoured for its anonymity, accessibility, resilience, and operational advantages. In this blog, we explore popular Telegram Bot APIs, recent campaigns involving Telegram abuse, and provide detection and hunting opportunities.

Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – Part 1

A Security Operations Center (SOC) watches an organization’s IT systems for cyber threats 24/7. It quickly finds and fixes security problems and uses Security Information and Event Management (SIEM) tools to collect and analyze alerts and logs. SIEMs depend on log collector servers, which gather data from many sources and send it to the SIEM. …

Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery

NVISO reports a new development in the Contagious Interview campaign. The threat actors have recently resorted to utilizing legitimate JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure being a use case or demo project as part of an interview process. Background: Contagious …

Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Intro: During both mobile security and mobile resiliency assessments, you often end up instrumenting the application to analyze its internals. By using either Frida or a classical debugger, we can gain valuable insight into the data flows and also modify some data on the fly to make the application behave the way we want it …