Security Analysis

We recommend you to read our previous post to get better understanding of the CVE analysis Research project. As part of this post, we will cover deep dive into CVE-2022–46169. About Product Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. Vulnerability …

In this writeup we will be analyzing a email to determine whether it was a phishing attempt or not. We will only use a mail client(You can use any you like) and avail Threat intel platforms like virustotal and cisco talos intelligence Scenario Your email address has been leaked and you…

We have an Incident related to Log4j activities escalated by L1 Analyst. Vulnerability Log4j2 versions 2.0-beta9 through 2.15.0 (excluding 2.12.x after 2.12.1) are vulnerable to remote code execution using its LDAP (Lightweight Directory Access Protocol) JNDI parser. An attacker who can control log messages or log message parameters can execute arbitrary…

By Nati Tal (Guardio Labs) Following Part 1 in which we uncovered the enormous scale and efficiency of this malvertising campaign, in this part we dig deeper into the malware itself. …

This is just a short writeup showcasing event logs analysis Attack Simulation : We will create a compromise scenario. A Metasploit reverse shell executable will be run on the victim endpoint and a reverse shell will be gained on the attacker machine . We will then escalate our privileges to nt authority we start…

Hello guys, i will be solving an incident response case on letsdefend platform which provides a simulated SOC corporate environment. We will investigate a windows server 2019 infected by DogWalk 0DAY vulnerability which was recently publicly announced by Microsoft and also received cve: CVE-2022–34713. Here the L2(IR) alert escalated by…

Hi guys, i made this windows memory forensics challenge which was published on letsdefend. I am writing this writeup in the intended way to solve the challenge using volatility 3. We will learn to analyse windows processes and find hidden malware among the processes. …

Introduction Web Servers hosting websites, developed internally by organizations or 3rd party services, experience a load of attacks when hosted publicly (sometimes internally too). The attacker payloads can make their way through WAFs and exploit the web application as well as the underlying server infrastructure. OSQuery can be leveraged to detect…

Return on Equity is one of the key performance metrics evaluated while reviewing the fundamentals of a company. While it involves little judgement and is easy to compute, in this article, I’m going to look beyond the ratio to gain an intuitive and deeper understanding about what it really conveys…