Threat Research​

This blog introduces a new information stealer, written in Rust and interestingly named FickerStealer. In this blog post, we provide an in-depth analysis of this new threat and its obfuscation...

Biometric authentication is beginning to see rapid adoption across the enterprise as organizations look to incorporate passwordless solutions to help mitigate the numerous security risks inherent...

While many Americans took off early to jump-start the Independence Day weekend, cyber attackers were launching the single biggest ransomware attack in history. It’s estimated that at least 800 to...

Digital transformation, widespread remote work due to the COVID-19 pandemic and ever-increasing reliance on cloud services and infrastructure have all contributed to new enterprise access...

We can’t help it. We hear the word “hacker” and our minds instantly go to shadowy figures in dark rooms frantically causing as much malicious digital mayhem as they can. It’s a misconception that...

In Part 1 of this blog post, we discussed attack vectors that utilize the different features of the devices that network plugins use, such as bridge devices and tunneling devices (VXLAN in...

Virtualization is a double-edged sword The glorious rise of the cloud in recent years could be attributed to the gradual advancement of many different technologies, both hardware and software...

With a consuming curiosity, obsession with lock picking – both physical and abstract – and sharp technical mind, Len Noe has been breaking and building things nearly all of his life. Hacking, as...

In this blog post, we will introduce a new open-source tool we developed, named Kubesploit, for testing Kubernetes environments. This is a full framework, dedicated to Kubernetes, to assist...

TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...

Lately, we’ve been busy researching the developing field of cloud and container threats. Why focus here? Because, as this technology becomes more popular and continues to evolve, attackers are...

TL;DR During an internal container-based Red Team engagement, the Docker default container spontaneously and silently changed cgroups overnight, which allowed us to escalate privileges and gain...

Imagine there’s an attacker lurking inside your network right now. Do you have the ability to find out and respond before they can cause harm? Now imagine your adversary has privileged access to...

We hear about it all the time – data breaches that expose a company’s sensitive information. Nearly all of us have been warned that our passwords, email addresses or even credit cards have...

With so much of daily life tethered to digital communication and most of our important information residing in data clouds, we’ve all got a lot riding in this virtual atmosphere. So naturally, the...

Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer Credential theft malware continues to be one of the most prevalent types of malware used in cyber attacks. The main...

In the past few weeks, we’ve been witnessing one of the most elaborate supply-chain attacks unfold with a threat actor that infected SolarWinds Orion source code and used the update process to get...

Introduction In the first part of my hardware hacking series, we discussed dumping firmware through the SPI flash chip. In this post, we will review the process of accessing and dumping the...