Newsletter

by adidionxlm

Excellium services newsletter : OSINT: Open Source Intelligence

The world of intelligence assessment is divided into multiple parts. For example, SIGINT, or signals intelligence, is the collection of information or data via signals (mobile network, Wi-Fi, radar, radio…). Another part is HUMINT, for human intelligence. This part relates to information that can be extracted from people, through discussion for example.
This newsletter will dive deep into another part: open source intelligence.

Excellium services newsletter : Office 365, Azure Active Directory and the Incident Response

Microsoft is the de facto leader when it comes to enterprise infrastructure. Recently, we have seen an increasing number of companies shifting from on-premises to cloud-based solutions, entrusting Microsoft with their data but also with the burden of managing their infrastructure. With Azure and Office 365, fewer assets are needed on premises, so the time and cost needed to administer them are also reduced. Active Directory, Exchange, and day-to-day applications (OneDrive, Skype for Business, Office…) are all manageable in the cloud with just a few clicks, and the integration with Microsoft's single sign-on solution makes them work seamlessly.

The promises are attractive, but how do you protect access to your business data? And if an account is compromised, can you really assess the extent of a breach?

Excellium services newsletter : Cloud adoption

Nowadays more and more organizations are choosing cloud services for their operations.

Software publishers spotlight their solutions in IaaS, PaaS and SaaS models, and they no longer automatically offer on-premises products. Indeed, the challenges of the day for organizations are to reduce IT operating costs and increase employee mobility while maintaining the availability of their business services.

In this context of relative outsourcing, cloud computing must be considered a form of outsourcing, but its risks and security measures differ from those of classic outsourcing.

Excellium services newsletter : Content-Security-Policy header

Since Web 2.0, websites use more code and resources on the client side. This is due to the large number of JavaScript libraries that make it possible to build attractive websites with animation and live updating. JavaScript is present on most websites. To use it, when the browser downloads the HTML page, it checks whether it needs to load other resources such as images, style sheets or JavaScript. When all elements are loaded, the browser renders the website and runs the JavaScript on the client computer.

Threat Landscape Report – S21sec – First semester 2019

Cybersecurity has become one of the main concerns of Management Committees and management teams.

In line with SONAE IM’s cybersecurity strategy, Excellium and S21sec are partnering in the cybersecurity space to offer you a six-month report explaining the existing threats that may jeopardize the safety of companies and individuals.

Excellium services newsletter : Password Stealers

Password stealers are features in malware, or a family of malware, that have been around for more than a decade now. Antivirus products may detect them as Password Stealers (PWS), Passwords (PSW) or Information Stealer. These kinds of malware are legion. Some, like Pony, may be well known, but others like Azorult or Diamond Fox are almost unknown.

Excellium services newsletter : CSV Injection / Formula injection

Since the beginning of the 21st century, attackers have used macros in Office files to infect their victims. Macros allow code execution on the victim’s workstation, and the VBA script used is more often than not obfuscated to make analysis by antivirus and reverse engineers more difficult. After this massive use of macros, they were disabled by default: the user is asked whether to execute them and is warned when the file was downloaded from the internet or is not signed. This method is still used by attackers but is more often caught by antivirus and by web or mail gateways.

Excellium Services Newsletter : Android mobile application cloning

Over the years, the popularity of Android-based mobile devices has grown significantly, and they became the most popular device type sold to the public in July 2018, with around 77% of the market share[1]. This success means companies have developed many applications for this mobile operating system in order to provide attractive business services to this new consumer population. In parallel, this growth of applications on the Google Play Store has attracted attackers because of the possibilities in terms of attack surface and the benefits that can be obtained.

Excellium Services Newsletter December 2018 The Ghosts in the Forest, part III

Finally, it is time to open the final chapter of this newsletter about persistence in Active Directory. In the first two parts, we focused mainly on attacks against Windows authentication. This last part covers some of the various ways in which attackers can abuse legitimate tools to persist undiscovered inside your infrastructure. We will also describe methods used to steal the Domain Controllers' data, and take a detour on the way out of the Forest to have one last look at Securable Objects and their Access Control Lists.
