Malware Is Changing Daily! Are You Still Protected?

A look at recent malware techniques. One of the biggest challenges in detecting and protecting against malware is that attackers continually change their techniques and behaviours. We have observed some interesting activities recently that are worth discussing in more detail. Office macro security bypass: Traditionally, when malware is embedded into Microsoft Office documents, it will […]

Loading A Weaponised Interactive PowerShell Session With Metasploit

PowerShell is rapidly becoming the go-to post-exploitation method for hackers, with a plethora of awesome PowerShell tools such as PowerSploit, PowerUp, PowerView and Nishang, to name a few. The standard PowerShell environment can be quickly extended into a hacker’s delight. These ‘tools’ are written entirely in PowerShell and (largely) do not touch disk […]

QNAP NAS – Remote Unauthenticated User to Admin Shell: Part 2

tl;dr: A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Center. When combined, it is possible for a remote unauthenticated user to gain interactive remote administrative access and take full control of the device. Introduction: In the previous blog post, it was shown that the Logitech Media Server […]

Verizon Data Breach Report 2015

A high-level summary of the main findings from the cyber security industry’s favourite data-driven report. As usual, the report is an easy read packed with analysis and information that is appetising and relevant. The key concerns centre on the age-old favourite threat scenarios of patch management and phishing attacks. An attempt to […]

QNAP NAS – Remote Unauthenticated User To Admin Shell: Part 1

tl;dr: A number of security vulnerabilities have been identified in two applications hosted on the QNAP App Centre. When combined, it is possible for a remote unauthenticated user to gain interactive remote administrative access and take full control of the device. Introduction: As a security professional you are constantly sharpening your skills; investigating a new […]

Network Security Monitoring With Bro IDS, TCPDump And MongoDB

Bro IDS is a powerful open source network security monitoring framework which I have had the opportunity to experiment with on a network monitoring server. It can log metadata for well-known protocols such as HTTP, DNS and SMTP, as well as extract files it sees being transferred over these protocols. It logs all its […]