/var/log/messages

Like all good researchers, we publish our findings for everyone’s benefit. The articles here evidence our commitment to technical excellence and the breadth of the disciplines we cover.

Attack Detection Fundamentals: Initial Access - Lab #2

By Riccardo Ancarani on 24 June 2020

In the first part of F-Secure Consulting's Attack Detection Workshop series, covering Initial Access, we explored a number of offensive techniques for obtaining a foothold within a target environment through the creation and successful delivery of...


Attack Detection Fundamentals: Initial Access - Lab #3

By Riccardo Ancarani on 24 June 2020

In the first part of F-Secure Consulting's Attack Detection Workshop series, covering Initial Access, we explored a number of offensive techniques for obtaining a foothold within a target environment through the creation and successful delivery of...


Attack Detection Fundamentals: Initial Access - Lab #4

By Riccardo Ancarani on 24 June 2020

In the first part of F-Secure Consulting's Attack Detection Workshop series, covering Initial Access, we explored a number of offensive techniques for obtaining a foothold within a target environment through the creation and successful delivery of...


Abusing access to mount namespaces through /proc/pid/root

By Pasi Saarinen on 11 June 2020

Containers are used to isolate workloads from the host system. In Linux, container runtimes such as Docker and LXC use multiple Linux namespaces to build an isolated environment for the workload.


Releasing the CAPTCHA Cracken

By Sean Brodie and Tinus Green on 20 May 2020

In January 2019 we released a blog post talking about how text-based CAPTCHAs can be cracked using machine learning. Over the last year, we have been surveying the threat landscape and cracking all of the CAPTCHAs...


Internet Exploiter: Understanding vulnerabilities in Internet Explorer

By Max Van Amerongen on 15 May 2020

Internet Explorer has been a core part of the Microsoft Windows operating system since 1995. While further development has officially ceased in favour of the Edge browser, Microsoft continues to issue patches due to its continued use.


Bypassing Windows Defender Runtime Scanning

By Charalampos Billinis on 1 May 2020

Windows Defender is enabled by default in all modern versions of Windows, making it an important mitigation for defenders and a potential target for attackers.


Jamfing for Joy: Attacking macOS in Enterprise

By Calum Hall and Luke Roberts on 17 April 2020

On 13th March 2020, Calum Hall and Luke Roberts gave a talk titled "An Attacker’s Perspective on Jamf Configurations" at the 3rd edition of Objective By The Sea, held on the beautiful island of Maui, Hawaii.


How are we doing with Android's overlay attacks in 2020?

By Emilian Cebuc on 27 March 2020

Browsing the Internet, sifting through Android news and security articles (as you normally do on a Saturday afternoon), you come across all sorts of articles.


Making Donuts Explode – Updates to the C3 Framework

By Tim Carrington on 10 March 2020

A new release of C3 has been made available with significant changes that aim to extend the user-base as well as enhance the operational capabilities of the framework.


Rethinking Credential Theft

By Robert Bearsby and Timo Hirvonen on 14 February 2020

Modern defensive security solutions use sophisticated techniques to prevent, detect and/or respond to malicious actions. These solutions are effective and are starting to hit red teamers where it hurts.


TamaGo

By Andrea Barisani on 11 February 2020

What you see in this screenshot is a secure shell (SSH) connection to a host. You might think that this is business as usual and wonder why it is worth showing off...
