Blog

by Excellium SA Excellium SA No Comments

Abusing macro to get code execution from a Word document

In order to gain initial access as part of a red team exercise, phishing is a very popular approach. A convincing scenario must be found to entice the targets to download and run the malicious file on their laptop. Using a Word document with a macro that launches the malware is a good way to create a legitimate scenario and build target confidence. However, it is necessary to work ahead of time on the macro to avoid defensive measures. For the following, we will choose to target an up-to-date Windows 10 version with all default settings. We will then see what we need to do for our macro to be recognized as legitimate.

Read more

by Excellium SA Excellium SA No Comments

SIEM vs SOC vs CFC: What is the difference?

In today’s article, we discuss SIEM, SOC and CFC.

Cyber threats have grown significantly over the last decade. From simple malware to complex advanced persistent threat groups. Threat actors have progressed significantly, they are constantly improving their methods and techniques to breach security controls causing massive damage and disruptions.

Read more

by Excellium SA Excellium SA No Comments

Armacell: Speeding Up Incident Response and Recovery with Azure Sentinel

Armacell: Speeding Up Incident Response and Recovery with Azure Sentinel

Armacell is a global manufacturing company, providing flexible insulation foams for the equipment insulation market. As a growing company relying increasingly on the cloud, they need fortifying their defence against security threats. As part of that initiative, they needed a partner that could manage threat identification and incident response with them — and that’s where Excellium came in. Building their solution on Azure Sentinel, Excellium will help Armacell with a cost-effective approach to event collection and collation, threat detection, incident investigation, and rapid response. Read on for the details. Read more

by Excellium SA Excellium SA No Comments

Continuous deployment: applying security for web application development

The rise of Continuous deployment

With the rise of the Continuous Deployment[1]https://www.atlassian.com/continuous-delivery/continuous-deployment activity, the frequency at which web applications (website, API, etc.) are deployed has significantly increased. Nowadays it is common to see companies deploying a new version of a web application several times a weeks/months[2]https://cloud.google.com/blog/products/devops-sre/another-way-to-gauge-your-devops-performance-according-to-dora.

Read more

by Excellium SA Excellium SA No Comments

Risks linked to external dependencies

Nowadays, most of the software is based on external components that are created and maintained by external entities. External components are also named “third-party” components and can be, for example, a library. The objective is, most of the time, to delegate specific operations to dedicated components. This facilitates the maintenance of the main application and lets the developers focus on the code providing the business features. The type of operation performed by a component can be, for example, Processing of specific file format, logging, handling of business data formats (e.g., SWIFT) and so on.

Read more

by Excellium SA Excellium SA No Comments

The art of hiding secrets in plain sight with base64 padding steganography

The technique of hiding information in public data is called steganography. The Base64 encoding uses 0-padding when encoding data. It is possible to hide information in this padding, as it is disregarded upon decoding. For efficiently hiding larger amounts multiple strings need to be encoded as one Base64-encoded string can contain 4, 2 or 0 bits of secret text. This article explains the technique, provides a python code for hiding and retrieving the information and shows performance information about the method.

Read more

Top