Over recent years, Info stealer malware, also called infostealers, has grown as a formidable adversary for businesses worldwide, particularly in Australia. These malicious software programs are designed to infiltrate networks, stealthily collect sensitive data, and transfer it to cybercriminals who use it for financial gain, espionage, or other illicit activities. As Australian enterprises increasingly rely… Continue reading Infostealers – The Risk Continues to Grow

Building an effective cyber security strategy is no longer optional for medium to large businesses in today’s digital world. Businesses face an increasing threat to their systems, their data and criminal behaviour. Australian companies face not just local threats but a global spectrum of cyber risks, including data breaches, malware, ransomware, and phishing attacks. A… Continue reading Building an Effective Cyber Security Plan

Stealer malware, or information-stealing malware, is a type of malicious software designed to gather sensitive information typically targeting personal, financial, or business-related data. The data collected could include passwords, financial information, corporate data, and personal identification details. Once installed, this malware operates discreetly, often without triggering any noticeable alarms, making it particularly dangerous. The functionality… Continue reading The Rise of Info Stealer Malware: A Growing Threat to Businesses

A ransomware attack is a type of malicious cyberattack in which the attacker encrypts the victim’s data and demands a ransom payment in exchange for the decryption key. Ransomware is a form of malware (malicious software) that, once infiltrated into a computer system or network, encrypts files or entire systems, rendering them inaccessible to the… Continue reading Is Ransomware a Threat to Your Organisation?

AWS is an incredibly powerful cloud platform that enables businesses to quickly and efficiently deploy a wide range of software and services to end users.  This feature-rich environment does of course increase the attack surface that bad actors have to exploit, especially when combined with lax configurations and poorly designed APIs. In this blog post,… Continue reading When it all goes wrong on AWS – how an SSRF can lead to full control of your EC2 infrastructure

All Active Directory user account password hashes are stored inside the ntds.dit database file on the Domain Controllers. However, if you have ever tried copying the file, you’ll probably have received the following error message. Well as it turns out, the LSASS process has already opened the file, and when it called CreateFileW to open… Continue reading Dumping Active Directory Credentials

Starting with Windows 8.1 (and Server 2012 R2) Microsoft introduced a feature termed LSA Protection. This feature is based on the Protected Process Light (PPL) technology which is a defense-in-depth security feature that is designed to “prevent non-administrative non-PPL processes from accessing or tampering with code and data in a PPL process via open process… Continue reading Bypassing LSA Protection (aka Protected Process Light) without Mimikatz on Windows 10

In a recent engagement I had to compromise a hardened desktop running CrowdStrike and Symantec Endpoint Protection. The initial code execution method was my reliable favourite MSBuild (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe) which could be leveraged to execute C# code as an inline task. Initially I wrote a very basic loader that used a bruteforce decryption algorithm to run… Continue reading Bypassing CrowdStrike Endpoint Detection and Response

This blog post will provide an overview of the methods available to force NTLM authentication to a rogue server, and capture or relay the credential material. These attacks can be leveraged to escalate privileges within an Active Directory domain environment. I like to look at these attacks as having 3 stages which are: Positioning a… Continue reading Capturing and Relaying NTLM Authentication: Methods and Techniques

On Windows a privilege is the right of an account, such as a user or group account, to perform various system-related operations on the local computer. There are 36 privileges defined in the Privilege Constants although a number are used internally by the operating system. There are a number of privileges that are considered game over, in… Continue reading Game Over Privileges