OUR LATEST RESEARCH
BSides Edinburgh 2017 Crypto Contest Write Up
Recently, at the inaugural BSides Edinburgh, Ben Turner and I made the trek up to Edinburgh to see our colleague Neil Lines present his talk “The Hunt for The Red DA”. I can’t say that I am a massive [...]
A quick analysis of the latest Shadow Brokers dump
Just in time for Easter, the Shadow Brokers released the latest installment of an NSA data dump, which contained an almost overwhelming amount of content - including, amongst other things, a number of Windows exploits. [...]
Carbon Black – Security Advisories: CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569
Nettitude have discovered three vulnerabilities in Carbon Black; CVE-2016-9570, CVE-2016-9568 and CVE-2016-9569. Two of these have been patched at the time of writing. CVE-2016-9570 Module: cb.exe (SRC-149) Version: 5.1.1.60603 Bug Type: Read-Out-Of-Bounds Impact: DoS Prerequisites: Hijack NetMon [...]
Effectively analysing sysmon logs
We previously covered setting up and using sysmon (System Monitor), which is part of the Sysinternals suite from Microsoft. In this article, we’ll walk through analysing the logs using Microsoft’s LogParser utility. [...]
Putting attackers in hi vis jackets with sysmon
Background: Sysmon (short for system monitor) has been part of the Sysinternals suite for several years. It comprises a kernel-mode driver and a Windows service that monitor system events and write them to the Windows event log. [...]