Hunting Down MS Exchange Attacks. Part 2 (CVE-2020-0688, CVE-2020-16875, CVE-2021-24085)
Our previous article focused on the different techniques used to detect ProxyLogon exploitation. This time we will talk about the techniques used to detect other notorious MS Exchange Server vulnerabilities, namely CVE-2020-0688, CVE-2020-16875 and CVE-2021-24085.
Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021-26855, 26858, 27065, 26857)
Microsoft Exchange is one of the most common mail servers used by hundreds of thousands of companies around the world. Its popularity and accessibility from the Internet make it an attractive target for attackers.
Defence Scenario: Cyber Polygon 2020 Technical Exercise Write-up
This article goes into details of the Defence scenario, where the participants had to repel an attack conducted by the Red Team.
Security of JSON Web Tokens (JWT)
JSON Web Tokens (JWT) are an increasingly popular mechanism for user authentication in applications. JWT gained particular popularity with the rise of the microservice architecture: it hands the processing of authentication data to the microservices themselves, which helps avoid various authorisation errors, improves performance and makes the application easier to scale...
Threat Hunting. Why might you need it
Nowadays, cyberthreats are becoming more sophisticated. Attackers can successfully evade security systems, whilst staying off the radar, unnoticed by corporate cybersecurity teams.
Threat Hunting in action
In the previous article, we explained the essence of Threat Hunting and demonstrated its capability in detecting modern cyberthreats. With small examples, we analysed various hunting approaches such as IoC-, Tool- and TTPs-based approaches and the differences between them.
Hunting for advanced Tactics, Techniques and Procedures (TTPs)
In the first publication from this series of articles, we explored the Threat Hunting approach, its difference from the classical approach to cybersecurity incident monitoring, and the essential components for adopting this method. In the second publication, we delved deeper and demonstrated Threat Hunting in action with an example of a potential incident, testing several hypotheses to detect the various techniques used by the attacker in that incident.
Insecure Deserialisation
Deserialisation of untrusted data is ranked 8th in the 2017 OWASP Top Ten list of the most critical security risks to web applications. This vulnerability is identified as CWE-502 and occurs when the application deserialises data from an untrusted source without proper validation. Deserialisation mechanisms are often exploited by attackers to gain remote code execution on the compromised system.