With Great Research Comes Great Responsibility.

Welcome to our research and development platform: F-Secure Labs. Here we dissect industry news and trends, publish research, and share our tools with the security community.

The Fake Cisco

By Dmitry Janushkevich on 15 July 2020

In fall 2019, an IT company found some network switches failing after a software upgrade. The company would find out later that they had inadvertently procured suspected counterfeit Cisco equipment. The hardware failure initiated a wider investigation to which the F-Secure Hardware Security team was called and asked to analyse the suspected counterfeit Cisco Catalyst 2960-X series switches and, primarily, provide evidence as to whether any kind of a "backdoor" functionality existed in those devices.


This paper details the process which led to the conclusion and aims to share the technical knowledge the team gained during this journey.

Read more

Rethinking Credential Theft

By Robert Bearsby and Timo Hirvonen on 14 February 2020

Read more

Publications

Threat Intelligence Report: Lazarus Group Campaign Targeting the Cryptocurrency Vertical

Aug 25th, 2020

The Fake Cisco

Jul 15th, 2020

U-Booting securely

May 6th, 2020

Forging SWIFT MT Payment Messages for fun and pr... research!

By Oliver Simonnet on 7 February 2020

Read more

Xiaomi Mi9 (Pwn2Own 2019)

By Mark Barnes and Toby Drew on 14 April 2020

Read more

Tools

The following are recent tools published by F-Secure Labs.

Read more

Latest Tools

Metasploit Modules for RCE in Apache NiFi and Kong API Gateway

Two exploit modules for the Metasploit framework to assist consultants in verifying vulnerabilities when encountering Kong API Gateway and Apache NiFi on network security assessments.

awspx

auspex [ˈau̯s.pɛks] noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.

C3

Attackers must establish command and control (C2) to gain influence within their target environments in order to pursue their goals and objectives.

See all

var/log/messages

Sniff, there leaks my BitLocker key

Dec 21st, 2020

sysdiag-who?

Dec 1st, 2020

Detecting Cobalt Strike Default Modules via Named Pipe Analysis

Nov 20th, 2020

Using and detecting C2 printer pivoting

Nov 2nd, 2020

Jamfing for Joy: Attacking macOS in Enterprise

By Calum Hall and Luke Roberts on 17 April 2020

On 13th March 2020, Calum Hall and Luke Roberts gave a talk titled "An Attacker’s Perspective on Jamf Configurations" at the 3rd edition of Objective By The Sea, held on the beautiful island of Maui, Hawaii.

This blog post is designed to complement the conference talk, and can be used as a reference when performing attacks against organisations utilising Jamf. We’ve even added in a few extra bits that we weren’t able to fit into the talk too!

This post marks the release of the Jamf Attack Toolkit

Read more