Covert TLS n-day backdoors: SparkCockpit & SparkTar In early 2024, Ivanti’s Pulse Secure appliances suffered from wide-spread... 2024-3-1 18:59:0 | 阅读: 12 | 收藏 | NVISO Labs - blog.nviso.eu backdoors network nviso sparktar ivanti

Top things that you might not be doing (yet) in Entra Conditional Access IntroductionIn this blog post, I focus on the top things that you might not be doing (yet) i... 2024-2-27 16:0:14 | 阅读: 14 | 收藏 | NVISO Labs - blog.nviso.eu entra microsoft security identities

Is the Google search bar enough to hack Belgian companies? In this blog post, we will go over a technique called Google Dorking and demonstrate how it can... 2024-1-22 16:0:0 | 阅读: 24 | 收藏 | NVISO Labs - blog.nviso.eu security robots attacker belgium

Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64... 2024-1-15 16:0:0 | 阅读: 31 | 收藏 | NVISO Labs - blog.nviso.eu ghidra pcode xorstring decrypted

Scaling your threat hunting operations with CrowdStrike and PSFalcon IntroductionMost modern day EDRs have some sort of feature which allows blue teamers to remo... 2023-12-13 16:0:0 | 阅读: 21 | 收藏 | NVISO Labs - blog.nviso.eu powershell psfalcon crowdstrike groupid

RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall Welcome, readers, to the first installment of our blog series “Preventing Exploitation and Abu... 2023-12-8 16:0:0 | 阅读: 22 | 收藏 | NVISO Labs - blog.nviso.eu windows 11d1 4b06 ab04

Data Connector Health Monitoring on Microsoft Sentinel IntroductionSecurity information and event management (SIEM) tooling allows security teams t... 2023-12-6 16:0:0 | 阅读: 17 | 收藏 | NVISO Labs - blog.nviso.eu microsoft monitoring security connectors

AI in Cybersecurity: Bridging the Gap Between Imagination and Reality IntroductionIn today’s digital environment, we encounter a mix of evolving cyber systems and... 2023-11-8 16:0:0 | 阅读: 22 | 收藏 | NVISO Labs - blog.nviso.eu security machine analysis threats

Generating IDA Type Information Libraries from Windows Type Libraries When working with IDA, a commonly leveraged feature are type information libraries (TIL). These... 2023-11-7 16:0:0 | 阅读: 24 | 收藏 | NVISO Labs - blog.nviso.eu til idaclang mscorlib library maxime

Introducing CS2BR pt. III – Knees deep in Binary IntroductionOver the span of the previous two blog posts in the series, I showed why the m... 2023-10-26 19:0:0 | 阅读: 23 | 收藏 | NVISO Labs - blog.nviso.eu cs2br brc4 ty scl

Most common Active Directory misconfigurations and default settings that put your organization at risk IntroductionIn this blog post, we will go over the most recurring (and critical) findings th... 2023-10-26 15:0:0 | 阅读: 21 | 收藏 | NVISO Labs - blog.nviso.eu security machine attacker encryption spooler

XOR Known-Plaintext Attacks In this blog post, we show in detail how a known-plaintext attack on XOR encoding works, and aut... 2023-10-12 15:0:0 | 阅读: 21 | 收藏 | NVISO Labs - blog.nviso.eu partial ciphertext kpa nviso keystream

A Beginner’s Guide to Adversary Emulation with Caldera Target AudienceThe target audience for this blog post is individuals who have a basic und... 2023-8-25 15:0:0 | 阅读: 26 | 收藏 | NVISO Labs - blog.nviso.eu emulation abilities security ttps agents

Introducing BitSight Automation Tool GlossaryIntroductionBitSightAutomationOperationsStructureInstallation... 2023-8-8 15:0:0 | 阅读: 27 | 收藏 | NVISO Labs - blog.nviso.eu bitsight subsidiary python entityone

Unlocking the power of Red Teaming: An overview of trainings and certifications NVISO enjoys an excellent working relationship with SANS and has been involved as Instructors an... 2023-7-31 15:0:0 | 阅读: 68 | 收藏 | NVISO Labs - blog.nviso.eu security eur costs certified development

The SOC Toolbox: Analyzing AutoHotKey compiled executables One day, a long time ago, whilst handling my daily tasks, an alert was g... 2023-7-20 15:0:0 | 阅读: 22 | 收藏 | NVISO Labs - blog.nviso.eu nicholas autohotkey security dhaeyer rcdata

Introducing CS2BR pt. II – One tool to port them all IntroductionIn the previous post of this series we showed why Brute Ratel C4 (BRC4) isn’t... 2023-7-18 00:0:22 | 阅读: 17 | 收藏 | NVISO Labs - blog.nviso.eu cs2br brc4 bofs entrypoint beacon

Transforming search sentences to query Elastic SIEM with OpenAI API (In the Blog Post, we will demonstrate a Proof-of-Concept on how to use a OpenAI’s Large Languag... 2023-5-30 17:48:53 | 阅读: 29 | 收藏 | NVISO Labs - blog.nviso.eu openai security penalty probability

Enforce Zero Trust in Microsoft 365 – Part 3: Introduction to Conditional Access This blog post is the third blog post of a series dedicated to Zero Trust security in Microsof... 2023-5-24 15:0:0 | 阅读: 37 | 收藏 | NVISO Labs - blog.nviso.eu microsoft security cloud enforce

Introducing CS2BR pt. I – How we enabled Brute Ratel Badgers to run Cobalt Strike BOFs If you know all about CS, BRC4 and BOFs you might want to skip this introduction and get right... 2023-5-15 15:0:0 | 阅读: 29 | 收藏 | NVISO Labs - blog.nviso.eu bofs brc4 entrypoint imports winapi