RUAG Breach – A lesson in cyber espionage tradecraft tools & techniques

Following a successful data breach of Swiss defense contractor RUAG – specialising in aerospace technology – the Swiss Governmental Computer Emergency Response Team (GovCERT) took the unusual step of publishing a comprehensive data breach report. The reasons given for publishing the report:

…to give organizations the chance to check their networks for similar infections, and to show the modus operandi of the attacker group.

You can download the summary technical report here (PDF) – 2 pages
And the full espionage report here (PDF) – 34 pages

If the full report is a little TL;DR for your time or taste – or even …

Raphael Mudge’s Advanced Threat Tactics Course

Going through Raphael Mudge’s Advanced Threat Tactics Course videos and blog post is akin to rummaging through treasure. Although this is a showcase for Cobalt Strike, which is a *must have* tool for IT security Red Team operations and Adversary Simulation, it is so much more. For me, this course catapulted and solidified my thinking and is the pre-eminent single source of information for not only the tools of advanced threat simulation, but the underlying methodology and tradecraft.

I’ll make no bones about it, I consider Cobalt Strike a masterpiece put together by a craftsman, and in case you think I’m going overboard, harmj0y described …

A Few Good Infosec Blog Post Links

Below are some links posted over the last few days by my Infosec Blogs Twitter account that I found particularly interesting:

- Missing Context Is The Greatest Cybersecurity Threat To Every Company In The World – By @S_Clarke22
- Well, That Escalated Quickly.. Common Windows Privilege Escalation Vectors – By @icanhazshell
- Appropriate Covert Channels – By @armitagehacker
- Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync – By @PyroTek3
- Exploiting JBoss with Empire and PowerShell – By @424f424f
- Introducing WMIOps – By @christruncer
- Lifehack: Treat your passwords as delicately as you treat your underwear – By @e_kaspersky
- I’m sorry, but your email address is not as valuable as you think it …