Learn how Purple Teaming brings together offensive and defensive strategies for a more comprehensive and impactful cybersecurity approach.
( 7
min )
By Paweł Płatek We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed. This new release of a continuously updated repository of CodeQL queries joins our public Semgrep rules and Automated Testing Handbook in an effort […]
( 16
min )
Tom Hegel explores China's influence in Africa and highlights an opportunity for broader understanding of global cyber threat landscapes.
( 24
min )
Introduction Security information and event management (SIEM) tooling allows security teams to collect and analyse logs from a wide variety of sources. In turn this is used to detect and handle incidents. Evidently it is important to ensure that the log ingestion is complete and uninterrupted. Luckily SIEMs offer out-of-the-box solutions and/or capabilities to create … Continue reading Data Connector Health Monitoring on Microsoft Sentinel →
( 12
min )
A message from HackerOne's CEO about the power of both artificial and human intelligence.
( 10
min )
This is a gif of the exfiltration process (We've increased the speed so you're not waiting around for 1 minute). Read on to discover how this works... Why would we want to do blind CSS exfiltration? I
( 9
min )
The post Multiple Vulnerabilities In Extreme Networks ExtremeXOS appeared first on Rhino Security Labs.
( 7
min )
Overview Recently, we decided to perform some reverse engineering of the SonicWall NSv appliance to identify any potential remote code execution vulnerabilities within the appliance. During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able […]
The post Analyzing the SonicWall Custom Grub LUKS Encryption Modifications appeared first on Praetorian.
( 14
min )
SystoLOCK offers a robust solution for enhancing security through multi-factor authentication (MFA) without passwords in an Active Directory environment. Unlike other methods, SystoLOCK does not rely on cloud services. The solution introduces the convenience similar to smartcard-based authentication, eliminating the need for complex password management. Moreover, SystoLOCK allows users to log in securely via VPN connections and supports offline login functionality.
SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords first appeared on 4sysops.
( 54
min )
HackerOne's Kayla Underkoffler shares her career journey and how she arrived at her current role.
( 10
min )
Vendor: Sonos Vendor URL: https://www.sonos.com/ Versions affected: * Confirmed 73.0-42060 Systems Affected: Sonos Era 100 Author: Ilya Zhuravlev Advisory URL: Not provided by Sonos. Sonos state an update was released on 2023-11-15 which remediated the issue. CVE Identifier: N/A Risk: High Summary Sonos Era 100 is a smart speaker released in 2023. A vulnerability exists […]
( 64
min )
Research performed by Ilya Zhuravlev supporting the Exploit Development Group (EDG). The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. It was also one of the target devices for Pwn2Own Toronto 2023. NCC found multiple security weaknesses within the bootloader of the […]
( 68
min )
Many organizations are behind the curve in understanding their SaaS applications and governance. In fact, for many IT admins, SaaS applications and SaaS app governance can be very challenging in terms of visibility and control. ENow has introduced a free assessment tool called AppGov Score that quantifies the governance state of Microsoft Entra ID apps and gives admins visibility into SaaS apps in the Microsoft cloud.
What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment first appeared on 4sysops.
( 52
min )
New UI and quality of life updates!
( 18
min )
HackerOne is delighted to announce the launch of Mercado Libre’s Public Bug Bounty Program.
( 18
min )
Explore how revisiting past cyber incidents can empower defenders and help to anticipate future threats more effectively.
( 27
min )
Microsoft’s Azure Active Directory B2C service allows cloud administrators to define custom policies, which orchestrates trust between principals using standard authentication protocols. One such custom policy that B2C defines by default is the Resource Owner Password Credentials (ROPC) flow, which implements the OAuth standard authentication flow of the same name and allows users to simply […]
The post Why Azure B2C ROPC Custom Flows Are Inherently Insecure appeared first on Praetorian.
( 10
min )
Get insights into offensive security trends in the healthcare sector with data from the Ponemon Institute’s 2023 State of Offensive Security Report.
( 8
min )
Leveraging TPM 2.0 to unlock Linux Unified Key Setup (LUKS) encrypted partitions ensures an added layer of protection, utilizing hardware-backed security measures to safeguard critical data while automating the unlocking of encrypted drives at boot time.
Unlock Linux Unified Key Setup (LUKS) encrypted partitions with TPM 2.0 first appeared on 4sysops.
( 52
min )
Copa, an open-source container image security tool from Microsoft, addresses the need to update container images. It lets you immediately patch container image vulnerabilities without relying on developers or maintainers.
Update container images with Copa first appeared on 4sysops.
( 52
min )
Are you wondering why your printer spooler stopped? This article addresses common Windows print spooler errors and various methods for fixing them.
If the print spooler stops—how to fix common print spooler errors first appeared on 4sysops.
( 51
min )
It is astonishing that over 200 billion spam emails are sent out every single day. One way to tackle this problem in Microsoft 365, formerly Office 365, is to use anti-spam policies.
Anti-spam policies in Microsoft 365 (Office 365) first appeared on 4sysops.
( 54
min )
By Yarden Shafir Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also a target for offensive researchers looking to bypass […]
( 16
min )
The inaugural Glass Firewall Conference: Breaking Bytes and Barriers was sponsored by Capital One, GitHub, and HackerOne.
( 9
min )
Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underlying operating system, and configure central config server settings.
( 72
min )
Windows 11 23H2 introduces a range of new Group Policy settings. These target new features like Dev Drive and extend the management options for existing components. The corresponding ADMX templates are already available for download, as is the setting reference spreadsheet.
New Group Policy settings in Windows 11 23H2 first appeared on 4sysops.
( 52
min )
Author: Alex Jessop (@ThisIsFineChief) Summary Tl;dr This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape. Below provides a summary of findings which are presented in this blog post: NoEscape NoEscape is a new financially motivated ransomware group delivering a […]
( 67
min )
Welcome back! Today we’re going to talk about hosting encrypted stager shellcode. There are a lot of uses for this. Whether you’re trying to implement a “fileless” implant or you’ve found writable…
( 10
min )
One of the main new features of Windows Server 2022 is SMB over QUIC. QUIC serves as an alternative to TCP and RDMA, providing a secure connection to a file server over untrusted networks. This protocol is based on UDP and TLS 1.3, enhancing the security and performance of file shares. Windows Server 2025 will include it in all editions, along with the new QUIC Client Access Control. QUIC has been exclusive to the Azure Edition until now.
Windows Server 2025 will support SMB over QUIC in all editions first appeared on 4sysops.
( 51
min )
SecureAuth has just announced the major release of Arculix, our next-gen authentication platform that delivers major enhancements to its low code/no code orchestration engine. Since our orchestration product was built from the ground up, not acquired via acquisition, to be Arculix’s policy engine, we were able to focus on designing a product specifically to extend […]
The post SecureAuth Drives Major Additions to Arculix’s Orchestration Engine to Deliver Optimal User Experience with No Code, Low Code appeared first on SecureAuth.
( 31
min )
After the SEC's recent charges against SolarWinds, publicly traded companies need robust cybersecurity risk management.
( 10
min )
Exploring the technical intricacies of Appin, a hack-for-hire group, revealing confirmed attribution and global threat activity, both old and new.
( 33
min )
NetSPI explores extracting managed identity credentials from Azure Function Apps to expose sensitive data.
The post Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps appeared first on NetSPI.
( 54
min )
The new graphical console brings a number of improvements over the classic console host. However, for the foreseeable future, both environments are available. In Windows 11, the new terminal is already set as the default, but you can switch between both as needed. Unfortunately, the coexistence between the two terminals is suffering from some inconsistencies.
Switch between Windows Terminal and the legacy console first appeared on 4sysops.
( 50
min )
No content preview
( 9
min )
Over the past year, I’ve been working on making significant updates to Merlin in my free time. Today, I’m ready to release version 2 of…
( 16
min )
By Alvin Crighton, Anusha Ghosh, Suha Hussain, Heidy Khlaaf, and Jim Miller TL;DR: We identified 11 security vulnerabilities in YOLOv7, a popular computer vision framework, that could enable attacks including remote code execution (RCE), denial of service, and model differentials (where an attacker can trigger a model to perform differently in different contexts). Open-source software […]
( 18
min )
At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP servers. Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of […]
( 72
min )
In August 2023, Meta engaged NCC Group’s Cryptography Services practice to perform an implementation review of their Auditable Key Directory (AKD) library, which provides an append-only directory of public keys mapped to user accounts and a framework for efficient cryptographic validation of this directory by an auditor. The library is being leveraged to provide an […]
( 66
min )
A data-informed prioritization strategy is integral to ensuring remediation efforts are practical — and severity does not always mean priority.
( 11
min )
Part 11: Functional Composition
( 31
min )
Linux's logical volume management (LVM) system manages and provisions data on physical disks. In this article, I will explain how LVM functions, how to manage it on a single volume, and how to encrypt it using Cockpit. In future articles, we'll discuss how to set up your Linux distribution with full-disk encryption, Secure Boot, and TPM2.0 integration (similar to BitLocker on Windows or FileVault on Mac).
Encrypt Linux LVM with Linux Unified Key Setup (LUKS) using Cockpit first appeared on 4sysops.
( 53
min )
Unveiling the Dark Side: A Deep Dive into Active Ransomware Families Author: Molly Dewis Intro Our technical experts have written a blog series focused on Tactics, Techniques and Procedures (TTP’s) deployed by four ransomware families recently observed during NCC Group’s incident response engagements. In case you missed it, our last post analysed an Incident Response […]
( 71
min )
Introduction If you are a pentester and enjoy tinkering with Windows, you have probably come across the following post by Raphael Mudge: Windows Access Tokens and Alternate Credentials In this post, he explains how the Windows program runas works and how the netonly flag allows the creation of processes where the local identity differs from […]
( 73
min )
Working with nested Docker containers has several use cases. In this article, I will discuss three methods to create a container inside a Docker container: Docker socket (Dood), dind tag, and Sysbox. You will learn about the advantages and disadvantages of each solution, and I will outline the downsides of nested containers.
Nested Docker containers: Run Docker in a Docker container first appeared on 4sysops.
( 54
min )
U.S. policymakers are increasingly encouraging and mandating public and private sector organizations to enhance their cybersecurity programs by adopting VDPs. Have you planned for a VDP in next year’s budget?
( 9
min )
When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back…
( 13
min )
Loki is an open-source log aggregation system developed by Grafana Labs and tailored for cloud-native and containerized apps. Loki is often used in conjunction with Grafana for log visualization. In this guide, I will explain how to install Loki and outline how you can integrate the log aggregation solution with Grafana.
Install Loki and visualize logs with Grafana first appeared on 4sysops.
( 50
min )
Do pentesting and bug bounties serve the same purpose or complement each other? Let’s explore the four different approaches to pentests and the key differences between bug bounty and pentesting.
( 10
min )
Clients can connect to VMs on a remote host via the VirtualBox Remote Display Protocol (VRDP) without the need to enable Remote Desktop (RDP) in the guest OS. This allows VirtualBox to be used to host virtual desktops that users can access from various clients.
Remote connect to VirtualBox VMs via RDP (VRDP) first appeared on 4sysops.
( 51
min )
Overview Android 14 introduced a new feature which allows to remotely install CA certificates. This change implies that instead of using the /system/etc/security/cacerts directory to check the trusted CA’s, this new feature uses the com.android.conscrypt APEX module, and reads the certificates from the directory /apex/com.android.conscrypt/cacerts. Inspired by this blog post by Tim Perry, I decided to create a […]
( 69
min )
Learn about cloud security and cloud penetration testing in Part 2 of Seth Art's interview with Cloud Security Podcast.
( 12
min )
Introduction In today’s digital environment, we encounter a mix of evolving cyber systems and the complexities they introduce. One notable influence in this space is artificial intelligence (AI), alongside associated technologies such as machine learning, which offer promising avenues for reshaping cyber strategies. Traditionally, cybersecurity has operated with definitive parameters, set boundaries, and post-event counteractions. … Continue reading AI in Cybersecurity: Bridging the Gap Between Imagination and Reality →
( 16
min )
HackerOne builds upon the foundation of bug bounty in our approach to AI Red Teaming.
( 10
min )
An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.
( 26
min )
Introduction
( 18
min )
The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […]
The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.
( 7
min )
Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […]
The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.
( 11
min )
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […]
The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.
( 7
min )
One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […]
The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.
( 7
min )
