Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.
Source: [7] and [8]Sniffing SPI busSerial Peripheral Interface (SPI) is a synchronous serial communication protocol supporting full-duplex communication with high-speed clock frequencies. It uses master-slave architecture, where the master device always initiates the communication.
Read more
sysdiagnose is a utility on most macOS and iOS devices that can be used to gather system-wide diagnostic information. Currently on version 3.0, sysdiagnose collects a large amount of data from a wide array of locations...
Read more
During recent years, the Cobalt Strike framework has gained significant popularity amongst red teamers and threat actors alike. Its functionality, flexibility and stability make it the state of the art when it comes to commercially available...
Read more
IntroductionThis post introduces the novel concept of Command & Control (C2) using print jobs, and demonstrates how this can be achieved using C3's Print channel.
Read more
In this second blog post, we will continue to share actionable detection insights for blue teams to defend their organization against the Advanced Persistent Threat (APT) group – Lazarus Group.
Read more
F-Secure looked into exploiting the Samsung S20 device for Tokyo Pwn2Own 2020. An exploit chain was found for version 4.5.19.13 of the Galaxy Store application that could have allowed an attacker to install any application on...
Read more
GWTMap is a new tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a...
Read more
Throughout the following blog post we provide insights into calendar alerts, a method of persisting on macOS. Building on the work of Andy Grant over at NCC (https://research.nccgroup.com/2020/05/05/exploring-macos-calendar-alerts-part-1-attempting-to-execute-code/), this post takes deeper look into weaponising the...
Read more
As in many other domains, Machine Learning (ML) techniques, which power a large share of modern Artificial Intelligence (AI) systems, were originally designed to be used in benign and controlled environments.
Read more
F-Secure are pleased to announce that C3 now supports C2 over LDAP, adding a much-needed internal channel to C3’s arsenal.
Read more
Attack-aware applications have been discussed in AppSec for over a decade - the concept that an application can detect that it is being attacked and fight back.
Read more
It can be challenging to detect malicious documents as the embedded code is often obfuscated to evade detection from anti-virus and static file analysis.
Read more