This presentation, delivered at the AISA National Conference in 2015, focused on Red Team Operations. We explained what Red Team Operations are, why they are essential, and how they differ from standard penetration testing engagements.
A curated list of tools, papers and techniques for Windows exploitation and incident response.
In this presentation, we share lessons learned from delivering incident response services in the cloud and conducting red team exercises against managed security service providers.
The top 15 questions business executives and IT directors should be asking their teams each quarter to effectively manage cyber risks.
This whitepaper introduces the concept of Offensive Countermeasures, a security strategy designed to create consequences for attackers who hack into our systems. We believe that if resources are not invested in tracking and disrupting these attackers, we are, by omission, allowing them to explore new ways to breach our defenses and return later to steal even more.
Business executives of small and medium-sized firms across Australia are being targeted by sophisticated social engineers attempting to defraud them with fake invoices. In this report, we highlight an advanced attacker group that successfully defrauded numerous small businesses in Melbourne, Sydney, and Brisbane.
What steps should medical colleges take to prepare for cyber attacks? In this presentation, we explore the components of a modern cybersecurity program and provide strategies and tactics for IT managers to strengthen their organization’s defenses.
Between January 2016 and July 2017, Mossé Security conducted 53 threat hunting exercises and responded to 67 separate security breaches. During this time, we observed 42 Australian firms struggling to fend off cyberattacks, witnessing firsthand how textbook approaches to information security often failed to deter attackers. In this report, we aim to illuminate the current state of cybersecurity in Australia, the adversaries involved, and their tactics. We also provide recommendations on the final page. Please feel free to contact us with any questions.
Mossé Security’s CSIRT regularly observes signed malware being used against Australian organizations. We advise enterprise security products and analysts not to trust a file simply because it carries a valid signature. Code signing certificates can be legitimately purchased for less than USD 100, signing keys are stolen from legitimate developers, and signature blocks are lifted from legitimate binaries to make malware look signed to tooling that only checks for the presence of a signature. A signature on its own tells you little about who produced the file; what matters is whether the signer is one you expect.
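As a practical check for the point above, here is an added example in PowerShell (not code from the Mossé Security advisory). It treats a "Valid" Authenticode verdict as necessary but not sufficient: it pins the signer's thumbprint to an allowlist, rebuilds the chain with an online revocation check and the code-signing EKU, and requires a timestamp countersignature. The thumbprint allowlist is a placeholder assumption; fill it with the publishers you actually expect on your estate.

```powershell
# Added example, not from the original advisory. "Signed" is not "trusted":
# Get-AuthenticodeSignature only tells you that the hash matches and that the
# chain builds to a trusted root. This wrapper adds the checks an analyst wants:
# signer pinning, explicit online revocation, code-signing EKU, and a timestamp.
# $AllowedThumbprints is a placeholder allowlist (assumption): replace it with the
# SHA-1 thumbprints of the publishers you expect.

$AllowedThumbprints = @(
    '0000000000000000000000000000000000000000'   # hypothetical placeholder
)

function Test-TrustedSignedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig     = Get-AuthenticodeSignature -FilePath $Path
        $cert    = $sig.SignerCertificate
        $reasons = New-Object System.Collections.Generic.List[string]

        # 1. Basic Authenticode verdict. NotSigned, HashMismatch, NotTrusted and
        #    UnknownError all fail outright. A signature block copied from a
        #    legitimate binary onto malware lands here as HashMismatch.
        if ($sig.Status -ne 'Valid') {
            $reasons.Add("Authenticode status is $($sig.Status): $($sig.StatusMessage)")
        }

        if ($cert) {
            # 2. Pin the signer. A valid signature from an unexpected publisher is
            #    exactly what a cheaply bought or stolen certificate looks like.
            if ($AllowedThumbprints -notcontains $cert.Thumbprint) {
                $reasons.Add("Signer '$($cert.Subject)' ($($cert.Thumbprint)) is not on the allowlist")
            }

            # 3. Rebuild the chain ourselves with online revocation checking and
            #    require the code-signing EKU (1.3.6.1.5.5.7.3.3). We do not rely on
            #    Get-AuthenticodeSignature for revocation; this chain build does it.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
            $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
            $chain.ChainPolicy.ApplicationPolicy.Add(
                (New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3')) | Out-Null
            if (-not $chain.Build($cert)) {
                foreach ($s in $chain.ChainStatus) {
                    $reasons.Add("Chain: $($s.Status) - $($s.StatusInformation.Trim())")
                }
            }

            # 4. Require a countersignature. Without one the signature cannot be
            #    validated once the certificate expires, and you lose the evidence
            #    of when the file was actually signed.
            if (-not $sig.TimeStamperCertificate) {
                $reasons.Add('No timestamp countersignature')
            }
        }

        [pscustomobject]@{
            Path       = $Path
            Status     = $sig.Status
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Trusted    = ($reasons.Count -eq 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

# Usage: sweep user-writable locations and list everything that is validly signed
# but still fails the stricter checks, which is the population worth triaging.
Get-ChildItem -Path "$env:ProgramData", "$env:LOCALAPPDATA" -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Test-TrustedSignedBinary |
    Where-Object { $_.Status -eq 'Valid' -and -not $_.Trusted } |
    Format-Table Path, Signer, Reasons -AutoSize
```

The useful output is the set of files that pass Authenticode but fail the pinning, revocation or timestamp checks: those are the ones a product that stops at "Status = Valid" would have waved through.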
CRIME CHARLIE is one of the most sophisticated groups of social engineers Mossé Security has encountered in Australia. Their advanced techniques and tactics have successfully targeted high-level personnel with access to multiple areas of the business and interactions with valuable external clients.
Mossé Security's CSIRT recently responded to multiple breaches of corporate networks in which the initial point of entry was a malicious portable application that gave the adversaries a reverse shell. Using portable applications as an indirect route into a network is a supply chain attack. With such attacks rising globally, many enterprises remain unprotected, unaware, or unequipped to handle this growing cyber risk.
Mossé Security’s CSIRT Team has responded to multiple intrusions by a financially motivated threat actor we call CRIME OSCAR. CRIME OSCAR's primary goal is to compromise the mailboxes of finance or procurement department members to intercept payment invoices. Our CSIRT Team has assisted organizations targeted in the construction, mining, and utility industries.
Mossé Security’s Advanced CSIRT Team has been urgently deployed to respond to a surge in email account compromises that have enabled threat actors like CRIME CHARLIE and CRIME OSCAR to steal money from regional organizations. The collateral damage to these companies’ reputations with their third-party vendors and employees is undoubtedly significant.
Mossé Security has observed that certain security solutions automatically upload emails, including sensitive information and attachments, to VirusTotal without the organization's knowledge or consent.
Mossé Security’s CSIRT has analyzed the security vulnerabilities reported in Zoom between March 31st and April 7th, 2020. We are now sharing our professional assessment of the risks associated with "Zoom Bombing" attacks and addressing the weak encryption practices employed by Zoom.
In 2020, Benjamin Mossé delivered a presentation to a government group. We’ve attached a selection of slides that have been carefully edited to highlight the key insights we believe will be valuable to the broader community.
UPX is an executable file compressor. In this blogpost, we share a simple anti-virus evasion technique based on UPX that works well against AI-based anti-virus software.
I taught myself by using a mix of online capture-the-flag challenges, passion projects and on-the-job problem statements. Teaching myself got me my first job and it even allowed me to become an independent contractor that delivers penetration testing engagements. Then, I decided that I wanted to up my game.
We present 10 reasons why cyber security wears people out and then offer you a simple solution to stay passionate about the field and give back to the community.
Our team had gained unauthorised access to hospital software. We could tamper with hospital files and medical records, and even delete thousands of records, which would force the hospital to re-process hundreds of patients. The CIO was livid. Furious. Embarrassed. None of his security investments had worked. He challenged every finding and every line in our report.
How do organisations meet their cyber obligations and expectations whilst avoiding the high cost of cyber security? They use two business instruments that we call Dark Compliance and Dark Risk Management.
In recent years, an alarming and growing number of threat groups have used seemingly legal means to obtain code signing certificates and sign their malware. How easy is it for adversaries to acquire a code signing certificate and sign their malware?
Here are 10 things, that when done consistently, generate amazing results.
The technical aspects of cyber security are pretty much resolved. The industry knows how adversaries breach networks, and we have proven techniques, technologies and procedures to stop them. So why do breaches keep happening?
If this blog post resonates with you, then I would like to invite you to become champions of a thriving cyber security culture. One that is all-inclusive, open-minded, of service, and that takes a stance against unacceptable social behaviours.
Whilst Japan's Minister of Cybersecurity has never used a computer, my friend George's 1 year old daughter has figured out how to use Skype on iPad to call her dad when she misses him.
How many minutes of troubleshooting does it take for a software bug to make you quit? Through training hundreds of students across thousands of practical exercises, we've learnt that the difference between mediocre practitioners and very good ones in cyber security is the 20-minute mark.
In this opinion piece, we will aim to set the record straight on what "Active Defence" is, how it is practiced, where the value is for the private sector, and why some organisations use "Active Defence" tactics and strategies when responding to incidents.