Newsletter

by adidionxlm adidionxlm No Comments

Excellium services newsletter : CSV Injection / Formula injection

Since the beginning of the 21th century, attackers use macro on Office files in order to infect their victims. Macros allow code execution on victim’s workstation, the VBA script used is more often obfuscated in order to make more difficult the analysis by antivirus and reverser. After this massive use of macro, this one was disable by default, asking the user if he wants to execute it and warning it in case of file downloaded from internet or not signed. This way is still used by attacker but more often caught by antivirus and web or mail gateway.

Read more

by adidionxlm adidionxlm No Comments

Excellium Services Newsletter : Android mobile application cloning

Over the years, the popularity of Android-based mobile devices has significantly grown and has become the most popular device type sold to the public in July 2018, with around 77% of the market shares[1]. This success implies companies have developed many applications for this mobile operating system, in order to provide attractive business services to this new consumer population. In parallel, this growth of applications on the Google Play Store has appealed attackers because of the possibilities in terms of attacks surfaces and the benefits that can be obtained.

Read more

by adidionxlm adidionxlm No Comments

Excellium Services Newsletter December 2018 The Ghosts in the Forest, part III

Finally, it is time to open the final chapter of this newsletter about persistence in Active Directory. In the first two parts, we have focused mainly on attacks against Windows authentication. This last part covers some of the various ways in which the attackers can abuse legit tools to persist undiscovered inside your infrastructure. We will also describe methods used to steal the Domain Controllers data, and take a detour on the way out of the Forest to have one last look at the Securable Objects and their Access Control Lists.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter November 2018 The Ghosts in the Forest, part II

In the previous part of this newsletter, we had a look on various shenanigans an attacker can pull to achieve persistence in your infrastructure. Abusing windows permissions, either through direct group memberships, or by more subtle means such as the AdminSDHolder or SID history properties. We also had a quick peek at Windows authentication most famous attacks, the golden and silver tickets.
We are now going to venture deeper in the forest, and pursue this line of investigation on authentication.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter October 2018 The Ghosts in the Forest, part I

The Cyber Kill Chain, developed by Lockheed Martin, is probably the intrusion-based framework the most referred to by cyber security players when it comes to describing the lifecycle of an attack. Red teams will often use it to plan their intrusion attempts and to translate their hit-and-miss in their final storytelling reports. Blue teams, on the other hand, will focus on each step of the Kill Chain to implement specific countermeasures in an attempt to detect, thwart or at least slowdown attacks at their different stages.

Read more

by adidionxlm adidionxlm No Comments

Excellium services newsletter September 2018 – Cloud Security: Threats and Risks

Cloud-based computing has increased in popularity over recent years, and the growth shows no sign of slowing. Although the expression ‘cloud’ is sometimes used vaguely, it has been precisely defined by NIST Special Publication 800-145. The definition includes five essential characteristics, three service models, and four deployment models. All five essential characteristics must be present for a set-up to be considered as cloud computing. This definition is widely accepted, including by the CSSF in Luxembourg (Circular 17/654).

Read more

by adidionxlm adidionxlm No Comments

Is your password policy efficient enough? – Newsletter Excellium August 2018

Passwords are everywhere in the company, you may need it to manage the access control to resources, accounts or systems. The requirements regarding the management of passwords are based on complexity and policy. Both criteria ensure the quality and strength of the password, therefore the security of the protected resources… but does it really in practice?

Read more

Top