This article describes a typical penetration testing / hacking scenario : gathering as many email addresses of a target company in order to carry out more effective phishing campaigns. Note this is only one possible approach out of many... In this particular example, we're picking on Kaspersky Labs, for no particular reason, just as an … Continue reading Penetration Testing Techniques: Conducting effective recon for enhanced phishing (Office 365 edition)
gRPC-Web has reached General Availability! The official blog announcement can be found here: https://grpc.io/blog/grpc-web-ga gRPC makes leveraging Protocol Buffers extremely easy, and ProtoBufs in and off itself has some very good advantages over REST when it comes to performance and contract-based development. However so far ProtoBufs are used typically in the backend to facilitate inter-microservice … Continue reading Pentesting gRPC-Web : Recon and reverse-engineering
OWASP ZAP is a very popular attack proxy typically used in Web Application penetration tests. Think "Open Source BurpSuite", and that's ZAP in a nutshell. It has become my go-to tool for penetration tests, and it definitely is a fantastic piece of software that ticks all my boxes - except one. The problem : Note taking … Continue reading First steps in writing a custom OWASP ZAP extension
Maybe the link between your smartphone keyboard and current machine learning research in cybersecurity is not apparent at first glance, but the technology behind both is extremely similar: both leverage deep learning architectures called Recurrent Neural Networks [RNNs], specifically a type of RNN called Long Short Term Memory [LSTM]. One of the main advantages of … Continue reading What do Smartphone Predictive Text and Cybersecurity have in common?
DNS is a great source of information for security analysts… if you’re not already monitoring DNS activity in your network — you should start asap, for the reasons we’ll explore in this article DNS is one of the major workhorses that powers the Internet. Everything uses DNS — browsers, apps, updates… and malware. Almost every malware needs to “phone … Continue reading Threat hunting using DNS indicators
At CyberSift we strive to turn threat data into threat intelligence. These two are not one and the same, there is a subtle difference which we can summarize succinctly as follows: threat data + context = threat intelligence One of the best ways to add context to alerts that get sent to a security analyst … Continue reading Using Twitter as a source of Indicators of Compromise
In a very interesting article on TechCrunch, Michael Schiebel writes about the various ways in which security analysts can learn from data scientists. He makes a couple of points that are worth highlighting. Today, hacking is a much more complex art than it used to be: It no longer only involves just scanning and penetrating … Continue reading The importance of data mining in the field of cybersecurity