Archive

This page contains all published blog posts.

From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager
Threat spotlight: Hydra
CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet
One Year Since Log4Shell: Lessons Learned for the next ‘code red’
I’m in your hypervisor, collecting your evidence
Sharkbot is back in Google Play
Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
Flubot: the evolution of a notorious Android Banking Malware
Adventures in the land of BumbleBee
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
Log4Shell: Reconnaissance and post exploitation network detection
Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
Tracking a P2P network related to TA505
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
Reverse engineering and decrypting CyberArk vault credential files
SnapMC skips ransomware, steals data
RM3 – Curiosities of the wildest banking malware
Abusing cloud services to fly under the radar
TA505: A Brief History Of Their Time
Decrypting OpenSSH sessions for fun and profit
StreamDivert: Relaying (specific) network connections
Machine learning from idea to reality: a PowerShell case study
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)
WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
In-depth analysis of the new Team9 malware family
LDAPFragger: Command and Control over LDAP attributes
Hunting for beacons
Detecting random filenames using (un)supervised machine learning
Office 365: prone to security breaches?
Using Anomaly Detection to find malicious domains
Syncing yourself to Global Administrator in Azure Active Directory
Export corrupts Windows Event Log files
Getting in the Zone: dumping Active Directory DNS using adidnsdump
mkYARA – Writing YARA rules for the lazy analyst
PsiXBot: The Evolution Of A Modular .NET Bot
Identifying Cobalt Strike team servers in the wild
Your trust, our signature
Phishing – Ask and ye shall receive
Bokbot: The (re)birth of a banker
Introducing Team Foundation Server decryption tool
Introducing Orchestrator decryption tool
Escalating privileges with ACLs in Active Directory
Compromising Citrix ShareFile on-premise via 7 chained vulnerabilities
mitm6 – compromising IPv4 networks via IPv6
Lessons learned from a Man-in-the-Middle attack
Criminals in a festive mood
Detection and recovery of NSA’s covered up tracks
Further abusing the badPwdCount attribute
Fox-IT debunks report on ByLock app that landed 75,000 people in jail in Turkey
FAQ about PETYA/GOLDENEYE/PETR outbreak
Liveblog: Huge Petya ransomware wave
Massive outbreak of ransomware variant infects large amounts of computers around the world
Relaying credentials everywhere with ntlmrelayx
Snake: Coming soon in Mac OS X flavour
A Mole exposing itself to sunlight
Turkish hacktivists targeting the Netherlands: high noise, low impact
Detecting Ticketbleed (CVE-2016-9244)
Recent vulnerability in Eir D1000 Router used to spread updated version of Mirai DDoS bot
Ziggo ransomware phishing campaign still increasing in size
Mofang: A politically motivated information stealing adversary
LinkedIn information used to spread banking malware in the Netherlands
Ransomware deployments after brute force RDP attack
Large malvertising campaign hits popular Dutch websites
Website of security certification provider spreading ransomware
Financial Crisis Exercise at RSA 2016
RSA 2016: A Long Road Ahead for Security
RSA 2016: security heeft nog een lange weg te gaan
Ponmocup – A giant hiding in the shadows
The state of Ransomware in 2015
How a research project at Fox-IT enhances your security career
Finding the hidden attacker in your network
Do you have a clue?
How to become cyber resilient quickly and remain in full control
Large malvertising campaign targeting the Netherlands
Deep dive into QUANTUM INSERT
Liveblog: Malvertising from Google advertisements via possibly compromised reseller
CryptoPHP a week later: more than 23.000 sites affected
CryptoPHP: Analysis of a hidden threat inside popular content management systems
Cryptolocker variant Torrentlocker making new victims in NL
Update on the Torrentlocker ransomware
New Torrentlocker variant active in the Netherlands
Live blog on SSLv3 protocol vulnerability ‘POODLE’
Update on DecryptCryptoLocker
Malvertising: Not all Java from java.com is legitimate
CryptoLocker ransomware intelligence report
OpenSSL ‘heartbleed’ bug live blog
Building Bowser – A password cracking story
Tilon/SpyEye2 intelligence report
Malicious advertisements served via Yahoo
Not quite the average exploit kit: Zuponcic
Large botnet cause of recent Tor network overload
DNS takeover redirects thousands of websites to malware
Analysis of malicious advertisements on telegraaf.nl
Analysis of the KINS malware
Geïnfecteerde advertenties op nu.nl
Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS
Seen in the wild: Updated Exploit Kits
Writeup on nbc.com distributing Citadel malware
Oracle getting serious about Java
Demystifying Pobelka
Cyber Security in Nederland op de agenda!
Fox-IT discovers security bugs in Oracle Software
Mogen we terugslaan?
Observations on the recent Java 0-day exploits in the wild
XDocCrypt/Dorifel – Document encrypting and network spreading virus
How to find malicious communication leaving your network
MIME Sniffing: feature or vulnerability?
Critical analysis of Microsoft Operation B71
Post mortem report on the sinowal/nu.nl incident
RSA-512 Certificates abused in the wild
Onze visie op de eigen slagkracht van de overheid
Presentatie Fox-IT op Infosecurity NL 2011
Over het CDA en het bestraffen van gebruik van crypto
DPI: Laten we het doen zoals in Chili!
Forbes: Bert Hubert explains the DNS issue with China

Share this:

Like this: