On January 29th, I attended my first CTF (capture the flag) competition: the Insomni’hack teaser.Based on my skills, I decided to go for the challenge called Vault which consists of a web-based vault of five pages: a home page, one where you can see the key/value pair you entered after logging in, a page for…
Read MoreWe decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…
Read MoreWithin our Attacker Centric Security Operation Center, we look for the best detection rules every day to help you detect attack scenarios. One of the most important projects that we use as a source in this area is without doubt that of Sigma Rule (https://github.com/SigmaHQ/sigma). The project, founded by Florian Roth (https://www.linkedin.com/in/floroth/), has almost 300…
Read MoreOne of the important elements of Cyber Threat Intelligence activity is the verification of IoCs (Indicators of Compromise) that can identify threats that can create an impact on your organization. In parallel to our OSINT and Cyber Threat Intelligence SATAYO platform we have implemented the SATAYO IoC database which currently has about 900,000 elements. Among…
Read MoreIn this second post on the Exposure Assessment topic we’ll start from the end! We’ve just put into production, within our OSINT & Cyber Threat Intelligence SATAYO platform, an internal search engine that aims to simplify the search for evidence within the platform itself. This is a development that has been particularly requested by those…
Read MoreAt Wuerth Phoenix, we recently introduced a security-focused guild, and decided to attend our first security CTF (Capture The Flag) challenge: RomHack CTF 2021. After panicking initially (there were really difficult challenges!) we stayed calm, and managed to solve the table of contents challenge in the ‘pwn’ category, which made our team finish in 21st…
Read MoreThis is the first in a series of articles that aims to technically describe the various objects collected within our Exposure Assessment activity, based on our OSINT & Cyber Threat Intelligence SATAYO platform. Its functionalities and the elements make it a fundamental tool for all organizations wishing to continuously monitor their exposure within public domain…
Read MoreIn this article we will see together how to perform an analysis of a site present on the Dark Web and more precisely of a site present within the Tor network. Our point of reference will be the site of the Avos ransomware gang, which has just started its cyber criminal activity a few weeks…
Read MoreThe goal of this article is to present the point of view of the Red Team SEC4U at Würth Phoenix regarding the ominous PrintNightMare vulnerability that has been talked about so much in recent days. A summary for those who did not receive hardly any information about this: it’s a weakness in the Microsoft Windows…
Read MoreI’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…
Read More