Month: May 2024

THREAT EMULATION: Introduction

by
This entry is part 4 of 7 in the series Red Team Engagements

Views: 34 Purpose of Threat Emulation Threat emulation is meant to assist security teams and organisations, in general, in better understanding their security posture and their defence mechanisms and performing due diligence in their compliance. These questions are addressed through cyber security assessments, mainly red team engagements, vulnerability assessments and penetration tests. Vulnerability assessments are … Read more

Decoding

by

Views: 10Most commonly used text encoding methods: Base64 Identifying Base64: base64 encoded strings are easily spotted since they only contain alpha-numeric characters. However, the most distinctive feature of base64 is its padding using = characters. The length of base64 encoded strings has to be in a multiple of 4. If the resulting output is only 3 characters long, for example, an extra = is … Read more

Code Obfuscation and Deobfuscation

by
IR_002
This entry is part 14 of 18 in the series Incident Response and Forensics

Views: 17Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input, and attempts to re-write … Read more

Incident Response

by
This entry is part 12 of 2 in the series Digital Forensics and Incident Response

Views: 1Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks requires containing malware infections, identifying and remediating vulnerabilities, as well as sourcing, managing, and deploying technical and non-technical … Read more

Remote Monitoring and Management software used in phishing attacks

by

Views: 14RMM software used in phishing attacks Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive … Read more