Monitoring DNS requests with PowerShell

At CyberSift we're big fans of monitoring DNS. While there are malware campaigns out there which communicate directly with hard-coded IP addresses, monitoring DNS is a good strategy for keeping tabs on what's going on in your environment. When it comes to monitoring Windows hosts, Sysmon is an absolute must. There's tons of information out …

Penetration Testing Techniques: Conducting effective recon for enhanced phishing (Office 365 edition)

This article describes a typical penetration testing / hacking scenario: gathering as many email addresses of a target company as possible in order to carry out more effective phishing campaigns. Note this is only one possible approach out of many... In this particular example, we're picking on Kaspersky Labs, for no particular reason, just as an …

Pentesting gRPC-Web: Recon and reverse-engineering

gRPC-Web has reached General Availability! The official blog announcement can be found here: https://grpc.io/blog/grpc-web-ga. gRPC makes leveraging Protocol Buffers extremely easy, and ProtoBufs in and of itself has some very good advantages over REST when it comes to performance and contract-based development. However, so far ProtoBufs are typically used in the backend to facilitate inter-microservice …

Pentesting gRPC / Protobuf: Decoding First Steps

Protocol Buffers (a.k.a. ProtoBuf) and other binary serialization representations are gaining popularity, especially in inter-microservice communication. Unlike JSON or HTTP, ProtoBufs are not human-readable (hence the "binary" part of binary serialization), but that translates into an advantage of less overhead, leading to performance gains, and the ability to code against a fixed schema …

Android hacking tools update for Sept 2018

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer Android versions (Android v7+). MultiDex support: one of the standard pen-test techniques is to decompile the app's source code. Typically this is done by converting the APK DEX code to …

First steps in writing a custom OWASP ZAP extension

OWASP ZAP is a very popular attack proxy typically used in web application penetration tests. Think "open source BurpSuite", and that's ZAP in a nutshell. It has become my go-to tool for penetration tests, and it definitely is a fantastic piece of software that ticks all my boxes - except one. The problem: note taking …

Cyber Security: Sparse coding and anomaly detection

I've recently published the thesis I wrote in fulfillment of my Masters in Computer Security, entitled "BioRFID: A Patient Identification System using Biometrics and RFID". Anyone interested can download and read the whole thesis here: https://www.researchgate.net/publication/317646400_BioRFID_A_Patient_Identification_System_using_Biometrics_and_RFID. In this article I'll give an extremely compressed version of the thesis and how the work therein can be …