With ransomware and wiperware being the criminals choice of earning a quick buck, having a secure backup is more important than ever. But what happens when resilience fails? and you risk losing your backups. This post discusses the attempted recovery of OSX’s Timemachine, after it has become faulty. This post…

One of the most popular WSGI utility frameworks for Python is Werkzeug. It simplifies the handling of HTTP connections within your Python application but also provides a powerful debugger that permits one to execute code from within the browser. While the provided link warns those to not enable the debugger…

What is Railgun? Railgun is a very powerful post exploitation feature exclusive to Windows Meterpreter. It allows you to have complete control of your target machine’s Windows API, or you can use whatever DLL you find and do even more creative stuff with it. It can even be used to bypass Anti-Virus by…

Recently we have been helping SME’s increase their cyber detection capabilities, with some Open Source and freely available tools. In this…

Another day, another breach. But this time an unsecured mongodb instance in the cloud. https://www.scmagazineuk.com/veeam-mongodb-left-unsecured-440-million-records-exposed/article/1492715 What is Mongodb MongoDB stores data in flexible, JSON-like documents, meaning fields can vary from document to document and data structure can be changed over time. Enabling users to perform ad-hoc queries, indexing and data aggregation in real-time.

Centre of Information Security (CIS) for Amazon Web Services has a networking section and two points related to security management of AWS firewalls or security groups. More specifically section 4 Networking has two checks for unrestricted ingress on TCP ports 22 (SSH) and 3389 (RDP). …

Below we walk though a very simple example of writing your own serverless code / Lambda functions from a Linux workstation. Lambda Languages AWS Lambda currently supports the following languages: C# versions 1,2, & 2.1 Go version 1 Java version 8 Node versions 4, 6 & 8 Python versions 2 & 3 …

Modern day cyber-criminals and legitimate Red-Teaming are increasingly using cyber squatted domains (including bitsquatting and homoglyphs) to register a domain that is very similar to the victim/targets’s corporate domain: www.companyname.com (legitimate domain) may become any number of: www.companyname.online www.company-group.com www.company.co.uk www.c0mpany.com These (or similar domains) are often intentionally chosen to…

A new technique to crack WPA PSK (Pre-Shared Key) passwords. In order to make use of this new attack you need the following tools: hcxdumptool v4.2.0 or higher hcxtools v4.2.0 or higher hashcat v4.2.0 or higher This attack was discovered accidentally while looking for new ways to attack the new…