Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.
In my previous blog post, I wrote about how I found a Gatekeeper bypass vulnerability in how archive files are unpacked with Archive Utility. This post analyses the issue in more detail.
Read more
When extracted by Archive Utility, file paths longer than 886 characters would fail to inherit the com.apple.quarantine extended attribute, making it possible to bypass Gatekeeper for those files.
Read more
During adversarial simulation exercises we often have to solve complex problems with novel techniques. More often than not it is the solution to these problems that drives progress.
Read more
In late February 2021, F-Secure’s Managed Detection and Response (MDR) service identified the execution of SystemBC malware as part of a hands on keyboard crimeware intrusion.
Read more
In the previous lab, we learnt that with read-only permissions, we can still read Azure Logic App Workflow definitions to search for sensitive information.
Read more
In the final part of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, we covered a walkthrough of an end-to-end kill chain in Azure.
Read more
In the final part of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, we covered a walkthrough of an end-to-end kill chain in Azure.
Read more
Reversing Engineering on zOS has some challenges - one of the biggest is attempting to get started.
Read more
In part three of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, we covered an end-to-end kill chain, from initial access and discovery using some 'compromised' credentials, through to the installation of persistence and the...
Read more
In part three of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, we covered an end-to-end kill chain, from initial access and discovery using some 'compromised' credentials, through to the installation of persistence and the...
Read more
In part three of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, we covered an end-to-end kill chain in AWS, from initial access and discovery using some 'compromised' credentials, through to the installation of persistence...
Read more
Figure 1: Poisoning attack in the lifecycle of a machine learning modelThere are two different sub-goals for a data poisoning attack:
Read more