From Evilginx2 to Session Hijacking: Building a Phishing Lab & Detection Rules

Session hijacking has evolved beyond traditional cookie theft. With Adversary-in-the-Middle (AitM) phishing kits like Evilginx2, attackers can intercept credentials and session tokens in real-time, bypassing even strong MFA solutions. In this hands-on guide, we’ll build a controlled lab environment, execute a full phishing campaign, and develop detection rules to identify these attacks. Understanding the Threat Evilginx2 is a man-in-the-middle proxy framework that sits between the victim and the legitimate website. Unlike traditional phishing, it:...

February 18, 2026 · 6 min · Anass

Kerberoasting 101: Hands-On Attack, Detection & Mitigation in Windows Domains

Kerberoasting is one of the most effective post-exploitation techniques used by attackers and red teamers to escalate privileges in Windows domains. In this article, we’ll dive deep into how the attack works, set up a lab environment, execute the attack step-by-step, and most importantly—learn how to detect and mitigate it. Understanding Kerberoasting Kerberoasting exploits the Kerberos authentication protocol used in Active Directory. Here’s the simplified flow: a user requests a Ticket-Granting Ticket (TGT) from the Key Distribution Center (KDC); the user presents their TGT to request a Ticket-Granting Service (TGS) ticket for a specific service; the TGS ticket is encrypted with the service account’s password hash. The attacker’s goal: request TGS tickets for service accounts, crack the encrypted portion offline, and recover the plaintext password....

January 15, 2026 · 5 min · Anass

Bypassing Intune Compliant Device Conditional Access: A Security Perspective

Microsoft Intune’s Conditional Access policies are designed to enforce compliance and protect enterprise environments by ensuring only managed and compliant devices can access corporate resources. However, security researchers at Jumpsec Labs have demonstrated a technique to bypass these restrictions, raising concerns about the effectiveness of Intune’s enforcement mechanisms. This article explores how the TokenSmith method enables adversaries to sidestep device compliance checks and what security teams can do to mitigate such risks....

January 2, 2025 · 3 min · Anass

Navigating the Challenges of Integrating SAST into CI/CD Pipelines

In the realm of DevSecOps, integrating Static Application Security Testing (SAST) into Continuous Integration/Continuous Deployment (CI/CD) pipelines is a proactive approach to identifying vulnerabilities early in the software development lifecycle. While the ideal scenario envisions seamless detection and remediation of security flaws, the reality often involves navigating a series of complex challenges. Expectation vs. Reality The expectation is straightforward: a developer commits code, the CI pipeline initiates a security scan, detects vulnerabilities, and halts the process until issues are resolved, thereby preventing the release of insecure code....

December 23, 2024 · 3 min · Anass

MFA Bypassed via AuthQuake Attack: A Wake-Up Call for Security Teams

Multi-factor authentication (MFA) is considered a cornerstone of modern security, with widespread adoption across enterprises and platforms. Despite its effectiveness in mitigating traditional threats like password compromise, recent advancements in attack strategies reveal critical weaknesses. One such method, dubbed “AuthQuake,” demonstrates how attackers can bypass MFA by exploiting weaknesses in implementation and user behavior. Understanding the AuthQuake Attack The AuthQuake attack represents a new wave of bypass techniques targeting MFA systems....

December 19, 2024 · 3 min · Anass

Understanding Advanced Packaging Tool (APT), Sources and Keyrings

The Advanced Packaging Tool (APT) is a powerful command-line utility in Debian-based Linux distributions, like Debian and Ubuntu, for managing software packages. APT simplifies package management by handling dependencies, downloading, installing, updating, and removing packages efficiently. Through APT, users can install software directly from trusted repositories on the internet, keeping their systems secure and up-to-date. Why Use APT? APT is essential for maintaining a stable and secure Linux environment. It allows for seamless updates to system software and dependencies, ensuring compatibility across packages and reducing manual configuration....

November 6, 2024 · 5 min · Anass

Session Hijacking 2.0: Emerging Threats and Defenses

Introduction In today’s rapidly evolving cybersecurity landscape, attackers have found new ways to bypass multi-factor authentication (MFA) and compromise user sessions through tactics such as session hijacking and infostealer malware. These techniques pose significant risks to organizations and users, even those who have deployed MFA solutions to secure their systems. ...

October 7, 2024 · 4 min · Anass

Exploring Wazuh

Wazuh is an open-source cybersecurity platform that combines Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) to deliver comprehensive protection across endpoints, cloud workloads, and network devices. Its integrated approach allows organizations to monitor, detect, and respond to threats in real time, leveraging a flexible, scalable solution without licensing fees. Wazuh’s Community and Ecosystem One of Wazuh’s major strengths is its vibrant community and ecosystem, which contribute to its continuous improvement and growth....

October 1, 2024 · 3 min · Anass

Ongoing Criticism of the EUCS: France's Role in European Cybersecurity Under Scrutiny

The EUCS Under Fire: France’s Concerns Over Cybersecurity Sovereignty The European Cybersecurity Certification Scheme (EUCS) has been the subject of increasing criticism, especially from France, where concerns over digital sovereignty and the role of U.S. cloud service providers dominate discussions. French authorities and experts fear that the EUCS, while aimed at bolstering European cybersecurity, may allow foreign tech giants to maintain dominance in Europe’s critical infrastructure, undermining efforts to develop local, sovereign cloud solutions....

September 9, 2024 · 2 min · Anass

EUCLEAK: How French Researchers Uncovered a Vulnerability in YubiKey Security Keys

A recent breakthrough by French cybersecurity researchers has exposed a side-channel vulnerability in YubiKey 5 Series security keys. This attack demonstrates that even the most secure hardware, which is designed to protect online accounts using two-factor authentication (2FA), can be compromised under the right conditions. Overview of the Side-Channel Attack YubiKeys, often praised for their robust security, rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) for encryption. The Infineon SLE78 microcontroller, which powers these devices, was thought to be secure following its numerous certifications, including from the Common Criteria for Information Technology Security Evaluation....

September 7, 2024 · 3 min · Anass