Digital DNA

IN-MEMORY BEHAVIOR ANALYSIS

THE LAST LAYER OF ENDPOINT DEFENSE

Hackers deploy sophisticated techniques to evade detection from traditional detection technologies - Packing, Encrypting, Polymorphing and fileless. However, each must be loaded into memory, unaltered, in order to execute. Counertack Digital DNA is the only solution that detects and alerts on malicious behavior in memory.
img_01

CounterTack endpoint detection is differentiated by its predictive power. Our patented Digital DNA is the predictive engine driving our NextGen AV, EDR and Insider Threat Detection. It is the only true in-memory threat detection technology in the industry.  

img_02

Digital DNA scans live physical memory for suspicious behavior.  It reverse engineers suspicious code and predicts malicious intentions. It provides the forensic evidence to determine if the code act like malware.

img_03

Digital DNA accesses our threat library with over 4,000 unique traits and capabilities. It applies the library and Machine Learning to analyze over 200 million capability combinations to accurately convict malicious code.

img_04

Security Teams cannot waste time investigating false positives.  Digital DNA applies CounterTack proprietary Machine Learning models to enhance predictive accuracy. It eliminates false positives, enabling Security Teams to investigate and mitigate with confidence

Detect threats that evade other solutions
Mitigate threats before they can execute
Eliminate time wasted on false positives
Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cyber Security and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cyber security professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cyber security and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More