RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall

Welcome, readers, to the first installment of our blog series "Preventing Exploitation and Abuse with the RPC Firewall".In this post, we'll delve into how to create rules for the RPC firewall and how to deploy them onto our servers.In the year 2024, we'll release the second part of this series, where we'll explore detection possibilities … Continue reading RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall →

Most common Active Directory misconfigurations and default settings that put your organization at risk

Introduction In this blog post, we will go over the most recurring (and critical) findings that we discovered when auditing the Active Directory environment of different companies, explain why these configurations can be dangerous, how they can be abused by attackers and how they can be mitigated or remediated. First, let’s start with a small … Continue reading Most common Active Directory misconfigurations and default settings that put your organization at risk →

Unlocking the power of Red Teaming: An overview of trainings and certifications

NVISO enjoys an excellent working relationship with SANS and has been involved as Instructors and Course Authors for a variety of their courses: For SEC511, Continuous Monitoring and Security Operations, Maxim Deweerdt is a Certified Instructor For SEC575, iOS and Android Application Security Analysis and Penetration Testing, Jeroen Beckers is the Course Author For SEC598, … Continue reading Unlocking the power of Red Teaming: An overview of trainings and certifications →

Finding hooks with windbg

In this blogpost we are going to look into hooks, how to find them, and how to restore the original functions.

CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations

Intro In this blog post we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. unprivileged) users. Since the topic resulted in a possible attack surface across many … Continue reading CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations →

Breaking out of Windows Kiosks using only Microsoft Edge

Introduction In this blog post, I will take you through the steps that I performed to get code execution on a Windows kiosk host using ONLY Microsoft Edge. Now, I know that there are many resources out there for breaking out of kiosks and that in general it can be quite easy, but this technique … Continue reading Breaking out of Windows Kiosks using only Microsoft Edge →