2022-05-04 00:00   Scheduled Task Tampering    #f-secure #安全文章 Microsoft recently published an article that documented how the HAFNIUM threat actor leveraged a flaw in how scheduled tasks are stored in the registry to hide their presence.

2022-04-21 21:02   Faking Another Positive COVID Test    #f-secure #安全文章 WithSecure conducted research into the Cue Health Home COVID-19 Test with the intention of finding methods to create fraudulent COVID-19 test results.

2022-04-05 21:04   Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps    #f-secure #安全文章 Many organisations have recognised the risk of assigning cloud engineers with direct privileges to their production Azure Cloud resources. With Owner or Contributor privileges assigned to an engineer’s day-to-day Azure Active Directory (Azure AD) account, an...

2022-04-05 21:04   Detecting Attacks against Azure DevOps    #f-secure #安全文章 This post will cover detection opportunities specific to the attack path discussed in the previous blog. In this path, a malicious Azure Active Directory application was registered from a low privileged foothold.

2021-12-21 21:02   Faking A Positive COVID Test    #f-secure #安全文章 F-Secure conducted research into the Ellume COVID-19 Home Test with the intention of finding methods to fake a COVID test result. This device was chosen specifically because of the Bluetooth device that is used as the...

2021-12-20 00:00   ESFang - Exploring the macOS Endpoint Security Framework (ESF) for Threat Detection    #f-secure #安全文章 Endpoint Security Framework (ESF) is the new(ish) security auditing tool that Apple has introduced to provide the security industry with a one stop shop for all its telemetry needs.

2021-11-24 21:01   A bit of a Fixer Upper - Testing FIX-backed applications    #f-secure #安全文章 I woke up one day and realized I didn't know much about the FIX protocol. So I spent a few days looking into it and then created a Burp extension to make my life easier.

2021-10-01 00:00   Analysis of CVE-2021-1810 Gatekeeper bypass    #f-secure #安全文章 In my previous blog post, I wrote about how I found a Gatekeeper bypass vulnerability in how archive

2021-10-01 00:00   The discovery of Gatekeeper bypass CVE-2021-1810    #f-secure #安全文章 When extracted by Archive Utility, file paths longer than 886 characters would fail to inherit the c

2021-08-03 00:00   Playing with PuTTY    #f-secure #安全文章 During adversarial simulation exercises we often have to solve complex problems with novel technique

2021-05-10 00:00   Prelude to Ransomware: SystemBC    #f-secure #安全文章 In late February 2021, F-Secure’s Managed Detection and Response (MDR) service identified the execut

2021-04-28 00:00   Attack Detection Fundamentals 2021: Azure - Lab #1    #f-secure #安全文章 In the final part of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, w

2021-04-28 00:00   Attack Detection Fundamentals 2021: Azure - Lab #2    #f-secure #安全文章 In the final part of F-Secure Consulting's Attack Detection Fundamentals workshop series for 2021, w

2021-04-28 00:00   Attack Detection Fundamentals 2021: Azure - Lab #3    #f-secure #安全文章 In the previous lab, we learnt that with read-only permissions, we can still read Azure Logic App Wo

2021-04-27 00:00   Heavy Metal Debugging    #f-secure #安全文章 Reversing Engineering on zOS has some challenges - one of the biggest is attempting to get started.