/var/log/messages

Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.

Operationalising Calendar Alerts: Persistence on macOS

By Luke Roberts on 16 October 2020

Throughout the following blog post we provide insights into calendar alerts, a method of persisting on macOS. Building on the work of Andy Grant over at NCC (https://research.nccgroup.com/2020/05/05/exploring-macos-calendar-alerts-part-1-attempting-to-execute-code/), this post takes a deeper look into weaponising the...

How to attack distributed machine learning via online training

By Alexey Kirichenko, David Karpuk and Samuel Marchal on 6 October 2020

As in many other domains, Machine Learning (ML) techniques, which power a large share of modern Artificial Intelligence (AI) systems, were originally designed to be used in benign and controlled environments.

Introducing LDAP C2 for C3

By James Coote on 6 October 2020

F-Secure are pleased to announce that C3 now supports C2 over LDAP, adding a much-needed internal channel to C3’s arsenal.

Application-level Purple Teaming: A case study

By William Jardine on 29 September 2020

Attack-aware applications have been discussed in AppSec for over a decade - the concept that an application can detect that it is being attacked and fight back.

Catching Lazarus: Threat Intelligence to Real Detection Logic - Part One

By Guillaume Couchard, Qimin Wang and Thiam Loong Siew on 25 September 2020

It can be challenging to detect malicious documents as the embedded code is often obfuscated to evade detection from anti-virus and static file analysis.

Securing AEM With Dispatcher

By Robert Russell on 7 September 2020

Adobe Experience Manager (AEM) is a popular Content Management System (CMS) that is used by a large and active user base to develop and deploy web applications.

N1QL Injection: Kind of SQL Injection in a NoSQL Database

By Krzysztof Pranczk on 2 September 2020

Nowadays, databases support various query languages, the most popular being SQL and NoSQL. These query languages are designed to provide clients with an efficient communication interface with the databases.

Exploiting CVE-2019-17026 - A Firefox JIT Bug

By Max Van Amerongen on 27 August 2020

Browser exploitation is an incredibly unique area of security research. With browsers constantly evolving to support new media and protocols, their attack surface is constantly evolving. Even JavaScript engines themselves are continuing to be improved upon.

Attack Detection Fundamentals: C2 and Exfiltration - Lab #3

By Alfie Champion on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Attack Detection Fundamentals: C2 and Exfiltration - Lab #2

By Alfie Champion and Jordan LaRose on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Attack Detection Fundamentals: C2 and Exfiltration - Lab #1

By Alfie Champion and Derek Stoeckenius on 15 July 2020

In the fourth and final part of F-Secure Consulting's Attack Detection Fundamentals Workshop series, covering Command and Control (C2) and Exfiltration, we explored a number of attacker techniques for maintaining communication with an implant, blending in...

Attack Detection Fundamentals: Discovery and Lateral Movement - Lab #5

By Alfie Champion on 8 July 2020

In the third part of F-Secure Consulting's Attack Detection Workshop series, covering Discovery and Lateral Movement, we explored a number of offensive techniques for discovering assets of value, be that users or file shares, and methods...
