Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, … Continue reading Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations
Why a successful Cyber Security Awareness month starts … now!
Have you noticed that it’s June, already?! Crazy how fast time flies by when busy. But Q2 of 2022 is almost ready to be closed, so why not have a peek at what the second half of the year has in store for us? Summer holidays you say? Sandy beaches and happy hour cocktails? Or … Continue reading Why a successful Cyber Security Awareness month starts … now!
Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints
Introduction When you use the Cortex XSOAR API in your automations, playbooks or custom scripts, the first place you will start is the API documentation to see which API endpoints are available. But what if you cannot find an API Endpoint for the task you want to automate in the documentation? In this blog post … Continue reading Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints
Cortex XSOAR Tips & Tricks – Exploring the API using Swagger Editor
Introduction When using the Cortex XSOAR API in your automations, playbooks or custom scripts, knowing which API endpoints are available and how to use them is key. In a previous blog post in this series, we showed you where you could find the API documentation in Cortex XSOAR. The documentation was available on the server … Continue reading Cortex XSOAR Tips & Tricks – Exploring the API using Swagger Editor
CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
Intro In this blog post we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. unprivileged) users. Since the topic resulted in a possible attack surface across many … Continue reading CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations
Detecting BCD Changes To Inhibit System Recovery
Introduction Earlier this year, we observed a rise in malware that inhibits system recovery. This tactic is mostly used by ransomware and wiper malware. One notable example of such malware is “Hermetic wiper”. To inhibit recovery an attacker has many possibilities, one of which is changing the Boot Configuration Database (BCD). This post will dive … Continue reading Detecting BCD Changes To Inhibit System Recovery
Breaking out of Windows Kiosks using only Microsoft Edge
Introduction In this blog post, I will take you through the steps that I performed to get code execution on a Windows kiosk host using ONLY Microsoft Edge. Now, I know that there are many resources out there for breaking out of kiosks and that in general it can be quite easy, but this technique … Continue reading Breaking out of Windows Kiosks using only Microsoft Edge
What ISO27002 has in store for 2022
In current times, security measures have become increasingly important for the continuity of our businesses, to guarantee the safety for our clients and to confirm our company’s reputation. While thinking of security, our minds will often jump to the ISO/IEC 27001:2013 and ISO/IEC 27002:2013 standards. Especially in Europe & Asia, these have been the leading … Continue reading What ISO27002 has in store for 2022
Detecting & Preventing Rogue Azure Subscriptions
In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.
NVISO approved as APT Response Service Provider
NVISO is proud to announce that it has successfully qualified as an APT Response service provider and is now recommended on the website of the German Federal Office for Information Security (BSI). Advanced Persistent Threats (APT) are typically described as attack campaigns in which highly skilled, often state-sponsored, intruders orchestrate targeted, long-term attacks. Due to their … Continue reading NVISO approved as APT Response Service Provider