Keys to the Kingdom – Gaining access to the Physical Facility through Internal Access

This is a story of network segmentation and the impact that seemingly trivial misconfigurations can have for your organization. This is one of those occasions. This particular pen test asked for goals-based assessment focusing on post-compromise activities — an attempt Read More …

The Proliferation of Cellular in IoT

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In this new research, the authors dive deep into Read More …

ECB to conduct mock cyber attacks at 109 banks

The European Central Bank (ECB) will stress test 109 banks over the next twelve months to see if they are adequately prepared for cyber attacks. The banks’ response and recovery capabilities will be prioritized, not the potential to prevent incidents. Read More …

Singapore cyber defenders fend off simulated attacks against cellular, gas and airport systems

As simulated attackers tried to overload an electrical system, cripple a water distribution network and shut down a gas plant, cyber defence operators across 26 national agencies sprung into action to neutralise the assaults on a fictional state’s critical infrastructure. Read More …

Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike

Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company’s Cobalt Strike software to distribute malware. Microsoft’s Digital Crimes Unit (DUC), Fortra, and Health Information Sharing and Analysis Center (Health-ISAC) filed a 223-page Read More …

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

C&C systems are useful collaboration tools for penetration testers and red teamers. They provide a common place for all victim machines to reach out to, be controlled from, and allow multiple users to interact with the same victims. When performing Read More …