
2022-06-23 16:00   Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations    #NVISO Labs #Security Articles Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Int

2022-06-17 16:00   Why a successful Cyber Security Awareness month starts … now!    #NVISO Labs #Security Articles Have you noticed that it’s June, already?! Crazy how fast time flies by when busy. But Q2 of 2022 is almost ready to be closed, so why not have a peek at what the second half of the year has in store for us? Summer holidays you say? Sandy beaches and happy hour cocktails? Or … Continue reading

2022-06-07 16:00   Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints    #NVISO Labs #Security Articles Introduction When you use the Cortex XSOAR API in your automations, playbooks or custom scripts, the first place you will start is the API documentation to see which API endpoints are available. But what if you cannot find an API Endpoint for the task you want to automate in the documentation? In th

2022-06-01 16:00   Cortex XSOAR Tips & Tricks – Exploring the API using Swagger Editor    #NVISO Labs #Security Articles Introduction When using the Cortex XSOAR API in your automations, playbooks or custom scripts, knowing which API endpoints are available and how to use them is key. In a previous blog post in this series, we showed you where you could find the API documentation in Cortex XSOAR. The documentation was

2022-05-31 16:19   CVE Farming through Software Center – A group effort to flush out zero-day privilege escalations    #NVISO Labs #Security Articles Intro In this blog post we discuss a zero-day topic for finding privilege escalation vulnerabilities discovered by Ahmad Mahfouz. It abuses applications like Software Center, which are typically used in large-scale environments for automated software deployment performed on demand by regular (i.e. u

2022-05-30 16:00   Detecting BCD Changes To Inhibit System Recovery    #NVISO Labs #Security Articles Introduction Earlier this year, we observed a rise in malware that inhibits system recovery. This tactic is mostly used by ransomware and wiper malware. One notable example of such malware is “Hermetic wiper”. To inhibit recovery an attacker has many possibilities, one of which is changing the Boot

2022-05-24 16:00   Breaking out of Windows Kiosks using only Microsoft Edge    #NVISO Labs #Security Articles Introduction In this blog post, I will take you through the steps that I performed to get remote code execution on a Windows kiosk host using ONLY Microsoft Edge. Now, I know that there are many resources out there for breaking out of kiosks and that in general it can be quite easy, but this …

2022-05-23 16:00   What ISO27002 has in store for 2022    #NVISO Labs #Security Articles In current times, security measures have become increasingly important for the continuity of our businesses, to guarantee the safety of our clients and to confirm our company’s reputation. While thinking of security, our minds will often jump to the ISO/IEC 27001:2013 and ISO/IEC 27002:2013 standar

2022-05-18 23:41   Detecting & Preventing Rogue Azure Subscriptions    #NVISO Labs #Security Articles In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.

2022-05-13 18:02   NVISO approved as APT Response Service Provider    #NVISO Labs #Security Articles NVISO is proud to announce that it has successfully qualified as an APT Response service provider and is now recommended on the website of the German Federal Office for Information Security (BSI). Advanced Persistent Threats (APT) are typically described as attack campaigns in which highly sk

2022-05-09 21:02   Introducing pyCobaltHound – Let Cobalt Strike unleash the Hound    #NVISO Labs #Security Articles Introduction During our engagements, red team operators often find themselves operating within complex Active Directory environments. The question then becomes finding the needle in the haystack that allows the red team to further escalate and/or reach their objectives. Luckily, the security communi

2022-05-02 17:52   Girls Day at NVISO Encourages Young Guests To Find Their Dream Job    #NVISO Labs #Security Articles NVISO employees in Frankfurt and Munich showcased their work in Cybersecurity to the girls with live hacking demos, a view behind the scenes of NVISO and hands-on tips for their personal online security. Participating in the Germany-wide “Girls Day”, we further widened the field of futu

2022-04-29 17:25   Analyzing VSTO Office Files    #NVISO Labs #Security Articles VSTO Office files are Office document files linked to a Visual Studio Office File application. When opened, they launch a custom .NET application. There are various ways to achieve this, including methods to serve the VSTO files via an external web server. An article was recently published on the cr

2022-04-28 16:00   Cortex XSOAR Tips & Tricks – Execute Commands Using The API    #NVISO Labs #Security Articles Introduction Every automated task in Cortex XSOAR relies on executing commands from integrations or automations, either in a playbook or directly in the incident war room or playground. But what if you wanted to incorporate a command or automation from Cortex XSOAR into your own custom scripts? For t

2022-04-20 16:00   Investigating an engineering workstation – Part 3    #NVISO Labs #Security Articles In our third blog post (part one and two are referenced above) we will focus on information we can get from the projects themselves. You may remember from Part 1 that a project created with the TIA Portal is not a single file. So far we talked about files with the “.apXX” extension, like “.ap15_1” …