GoSecure Blog

RDP Man-in-the-Middle - Smile! You're on Camera

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Topics: malware, Research, Honeypot, RDP, tool, man-in-the-middle

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

Topics: cybersecurity statistics, statistics canada

The Supply Chain behind the Market for Fake "Likes"

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

  • How political campaigns or hate groups manage to share 100,000 times their posts ? 
  • Where do they buy such service? 
  • How is the service delivered? 
Read More

Topics: botnet, social media fraud, fake likes, Linux/Moose

Large Scale Vulnerability Scanning with Jenkins

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

Topics: appsec, devops, android, static analysis, tool, vulnerability, java

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.
Read More

Topics: tool, password, pentest

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers.

Read More

Topics: Ransomware, bitcoin, cybercrime

GoSecure Merges with CounterTack

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Topics: EDR, MSSP, AAP

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Topics: code review, rce, spel, spring, java

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

This February, we ran a Find Security Bugs scan on over at least one hundred components from the Spring Framework, including the core components (spring-core, spring-mvc) but also optional components (spring-data, spring-social, spring-oauth, etc.). From this exercise, we reported some vulnerabilities. In this blog post, we are going to give more details on a SpEL injection vulnerability. While some proof of concept code and exploitation details have already surfaced on Twitter, we will add a focus on how these vulnerabilities were found, followed by a thorough review of the proposed fix.

Read More

Topics: code review, rce, spel, spring, java

How I Indexed the Darknet and Pastebin During My First University Internship

[Ed: And all I got is this lousy t-shirt]

This blog is the outcome of my 4 months of internship at GoSecure. This research internship was goal oriented and I had to pick out of 5 different research projects. I selected a topic I knew little about in order to challenge myself: crawling and indexing data. Here, I will describe two internal projects that we have developed to gather all kinds of interesting and valuable data. The first project aimed at gathering data on .onion sites—known as the Darknet—while the second one focused at gathering data on sites like Pastebin, GitHub’s gists and Dumpz. Besides this blog, I will present with Olivier Bilodeau these two projects at an academic law enforcement conference later in June.

Read More

Topics: Research, darknet, tool, leaks, pentest

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all