Is Ransomware a Threat to Your Organisation?
A ransomware attack is a type of malicious cyberattack in which the attacker encrypts the victim’s data and demands a ransom payment in exchange for the decryption key. Ransomware is a form of malware (malicious software) that, once infiltrated into a computer system or network, encrypts files or entire systems, rendering them inaccessible to the… Continue reading Is Ransomware a Threat to Your Organisation?
Penetration Testing: Unravelling the Anatomy
In an era where the digital landscape is riddled with threats and vulnerabilities, organisations must be proactive in safeguarding their information systems. Penetration testing, often known as ethical hacking or pen testing, is a vital practice in the world of cybersecurity. It allows organisations to assess their security posture, identify vulnerabilities, and fortify their defences.… Continue reading Penetration Testing: Unravelling the Anatomy
Upgrading from AppLocker to Windows Defender Application Control (WDAC)
Windows Defender Application Control (WDAC), formerly known as Device Guard, is a Microsoft Windows secure feature that restricts executable code, including scripts run by enlightened Windows script hosts, to those that conform to the device code integrity policy. WDAC prevents the execution, loading and running of unwanted or malicious code, drivers and scripts. WDAC also… Continue reading Upgrading from AppLocker to Windows Defender Application Control (WDAC)
Bypassing CrowdStrike Endpoint Detection and Response
In a recent engagement I had to compromise a hardened desktop running CrowdStrike and Symantec Endpoint Protection. The initial code execution method was my reliable favourite MSBuild (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe) which could be leveraged to execute C# code as an inline task. Initially I wrote a very basic loader that used a bruteforce decryption algorithm to run… Continue reading Bypassing CrowdStrike Endpoint Detection and Response
Using Zeek to detect exploitation of Citrix CVE-2019-19781
Using the tool Zeek, formally known as bro, is a high-level packet analysis program. It originally began development in the 1990s and has a long history. It does not directly intercept or modify traffic, rather it passively observes it and creates high-level network logs. It can be used in conjunction with a SIEM to allow… Continue reading Using Zeek to detect exploitation of Citrix CVE-2019-19781