2023-02-10 17:00   Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – text    #NVISO Labs #Security Articles Introduction Cortex XSOAR is a security-oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC (Security Operations Center) is data availability. As a SOC Analyst, doing a thorough analysis of a security incident requires having access to

2023-01-25 17:00   Cortex XSOAR Tips & Tricks – Dealing with dates    #NVISO Labs #Security Articles Introduction As an automation platform, Cortex XSOAR fetches data that represents events set at defined moments in time. That metadata is stored within Incidents, will be queried from various systems, and may undergo conversions as it moves from machines to humans. With its various integrations,

2023-01-10 16:00   Malware-based attacks on ATMs – A summary    #NVISO Labs #Security Articles Introduction Today we will take a first look at malware-based attacks on ATMs in general, while future articles will go into more detail on the individual subtopics. ATMs have been robbed by criminal gangs around the world for decades. An approach that has been successful for ~20 years is the use of highly flam

2023-01-04 16:08   DeTT&CT: Automate your detection coverage with dettectinator    #NVISO Labs #Security Articles Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usage. If you missed it, you can find the article here. Although, after writing that article, I encountered

2022-12-19 16:00   The Beauty of Being a Cybersecurity Project Manager for NVISO NITRO MDR    #NVISO Labs #Security Articles All Project Managers might agree with this: working as a Project Manager is exciting, as no two days are ever the same. Just like a conductor of an orchestra leads all musicians to bring harmonic masterpieces to life, so does the cybersecurity Project Manager lead and coordinate the different st

2022-12-16 16:00   The Key Role of the Service Delivery Manager at NVISO’s Managed Detect & Respond Service    #NVISO Labs #Security Articles The Service Delivery Manager (SDM) plays a key role in the delivery of our NVISO cybersecurity NITRO Managed Detect & Respond (MDR) services. As the main point of contact, we represent the client at NVISO and represent NVISO at the client. During the operational lifecycle of a contract, my fello

2022-12-13 17:00   Lower email spoofing incidents (and make your marketing team happy) with BIMI    #NVISO Labs #Security Articles Introduction Over the last couple of years, we saw the number of phishing attacks skyrocket. According to F5, a multi-cloud security and application provider, there was a 220% increase in incidents during the height of the global pandemic compared to the yearly average. It’s expected that every year

2022-12-02 17:00   Can we block the addition of local Microsoft Defender Antivirus exclusions?    #NVISO Labs #Security Articles Introduction A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, from adding exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoi

2022-11-09 22:13   NVISO EXCELS IN MITRE ATT&CK® MANAGED SERVICES EVALUATION    #NVISO Labs #Security Articles As one of the only EU-based cyber security companies, NVISO successfully participated in a first-of-its-kind, MITRE-led evaluation of Managed Security Services (MSS). The inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Security Services ran in June 2022 and its results have been publi

2022-11-09 21:42   Visualizing MISP Threat Intelligence in Power BI – An NVISO TI Tutorial    #NVISO Labs #Security Articles In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in an interactive and useful way.

2022-10-25 19:00   The dangers of trust policies in AWS    #NVISO Labs #Security Articles Introduction Everyone who has used Amazon Web Services (AWS) knows that the cloud environment has a unique way of granting access to users and resources. This is done by allowing users and/or resources to temporarily assume roles. These kinds of actions are possible because of trust policies that a

2022-09-23 16:00   Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations    #NVISO Labs #Security Articles Introduction When a Threat Intelligence Management (TIM) license is present in your Cortex XSOAR environment, the feature to create relationships between indicators is available. This allows you to describe how indicators relate to each other and use this relationship in your automated analysis of a

2022-08-18 23:54   Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)    #NVISO Labs #Security Articles Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those posts were quite popular and I often went back to copy those scripts myself. Last week, however, we received a Flutter application where the script wouldn’t work anymore. As

2022-08-05 23:06   Finding hooks with windbg    #NVISO Labs #Security Articles In this blog post we are going to look into hooks, how to find them, and how to restore the original functions.

2022-07-20 16:00   Analysis of a trojanized jQuery script: GootLoader unleashed    #NVISO Labs #Security Articles In this blog post, we will perform a deep analysis of GootLoader, malware which is known to deliver several types of payloads, such as the Kronos trojan, REvil, IcedID, GootKit payloads and, in this case, Cobalt Strike. In our analysis we’ll be using the initial malware sample itself together with some