My friend recently got hit with Dever ransomware. This blog post will talk about the network architecture of the environment, live incident response, an interesting prefetch, timeline of the attack, info on Dever ransomware, summary and IOCs.

Intro

There is a critical vulnerability in ThemeGrill Demo Importer that leads to database wipe and auth bypass. In the versions 1.3.4 and above.

The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting of Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself have conferred, v

Introduction There are several kinds of delegation implemented by using the Kerberos protocol. Basically, delegation allows a service to impersonate the client user to interact with a second service, with the privileges and permissions of the client itself.…

A penetration test report is more often tailored to multiple reading groups and as a result needs to be broken down into multiple sections for easier digestion by the business.

My write-ups to CTF challenges. Contribute to joshdabosh/writeups development by creating an account on GitHub.

Got another anecdotal one this week! In a short summary, here, I will walk through the role that DNS, and DNS servers play in an enterprise network. Then, I’ll demonstrate how we can glean ba…

Not all SSL configurations on websites are equal, and a growing number push for HTTPS everywhere. There is an increasing demand to check and quantify that little padlock in your browser. Some simple online tools provide

In this post, we look at different techniques to hide Windows API imports in a program in order to fly under the radar of static analysis tools.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. - BishopFox/GadgetProbe

Researchers have discovered multiple instances of unsigned firmware in computer peripherals that can be used by malicious actors to attack laptops and servers running Windows and Linux.

This is no basic listicle

I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth. - sc0tfree/updog

Automatically remediating poorly implemented security groups

During a performance evaluation, an unfortunate interaction of the STACKLEAK plugin with the RAP plugin was noticed that lead to unnecessary bloat. This blog post highlights the steps that have been taken to resolve the source of the problem.

Partially driven by the upcoming inclusion of Cyber Security by the IMO (International Maritime Organisation), 2019 was a really busy year for maritime security