BLACK HAT ASIA 2024
CQURE Academy
by Social Cube
6d ago
BLACK HAT ASIA 2024 AND OUR TRAINING
This year’s Black Hat Asia edition will last from April 16th to April 19th, and the event is traditionally divided into four parts: Briefings, Arsenal, Trainings, and Executive Summit. Trainings provide opportunities for firsthand technical skill-building. Our course, “Advanced Hacking and Securing Windows Infrastructure”, which you will find in the Trainings section, is packed with practical knowledge from numerous successful projects, many years of real-world experience, excellent teaching skills, and no tolerance for misconfigurations or insecure solutio ..read more
Hacks Weekly #56 Ram Capturer
CQURE Academy
by Social Cube
9M ago
Capturing live memory, also known as memory forensics, can be a valuable technique for cybersecurity professionals for several reasons. It can help with investigating advanced attacks by revealing hidden processes, network connections and other artifacts as well as supporting data recovery processes by revealing encryption keys, decryption routines or data remnants. Additionally, capturing live memory can be useful when determining the root causes of security incidents by providing information about the state of a system during the incident.  Live memory dumps can be really useful during ..read more
Hacks Weekly #55 Insecure Data storage
CQURE Academy
by Social Cube
10M ago
When we look at the definition of insecure data storage, this is simply referring to different data that is stored without the added protection, encryption or any other different security measures. It is crucial for applications that are developed by different development teams. Sensitive data is vulnerable when our protection techniques are not sufficient. When we are thinking about security methods, like pentesting web applications, we must consider the worst scenario – data breach. Passwords, names, and credit card numbers need secure mechanisms as business consequences of vulnerable data s ..read more
Hacks Weekly #54 Crashing Application
CQURE Academy
by Social Cube
10M ago
The first step is to install the Dumping Service.  In the video attached, we’re doing it by running CreateDumpingService.bat. We need to start the service by running sc start dumpingservice. Afterwards, we can see the start pending. We can check sc query dumpingservice. Now it is running. The next step is to open the PerfView.   We need to start a new collection by clicking Collect and Collect here. It enables us to start a new Collection. Next, let’s go back to the command prompt. Now we can send custom control commands to the service. Let’s do this by typing sc control dumping ..read more
10 things you should know about Incident Response and Forensics in 2023
CQURE Academy
by Social Cube
11M ago
2022 in the cybersecurity consulting world has been absolutely intense. Still, there is room for cybersecurity posture improvement. Besides the regular penetration tests that we deliver, we have also dealt with too many incidents happening on the Customers’ side. Even though every story is unique, they all have a couple of things in common. Here are the 10 things you should know about Incident Response and Forensics:   1. Incident response readiness is a key to successfully surviving the incident. That may sound like an obvious conclusion, however when looking into IBM research statistic ..read more
Hacks Weekly #53 Hybrid Analysis
CQURE Academy
by Social Cube
11M ago
During the previous Hacks Weekly episode #52 Malware Analysis with AnyRun we went through analyzing malware inside the AnyRun cloud software. Besides AnyRun, cybersecurity professionals use different software and platforms to verify ransomware or test it. This time we will focus on hybrid-analysis.com, which has similar usage to the AnyRun website.  Our video starts with the main page where you can find a file’s name: owo_im_not_ransomware_xd.exe. It can be explored by searching the hash of the file. If we scroll down the page a little bit, we can also find the block of Anti-Virus Results ..read more
Hacks Weekly #51 Investigating Risky Events Azure AD
CQURE Academy
by Social Cube
11M ago
This time we’re going to talk about Azure AD Identity Protection and investigating risky events related to identities. We’re going to detect, analyze and decide what is happening with our users. First of all, let’s look at the Azure Portal. Let’s launch Portal.azure.com and go to Azure AD Identity Protection where we can see a few statistics related to protecting user identities. If we go into the User risk policy, then we can configure that by going into the Users -> All users. Here you’ve got the users that we would like to include in that particular policy. We can choose someone from the ..read more
Hacks Weekly #50 Network Traffic Analysis
CQURE Academy
by Social Cube
11M ago
Neutrino, one of the world’s most popular exploit kits, will be the base for our Hacks Weekly scenario. Its malicious code can be injected into legitimate resources – like websites – and compromise a computer through various vendor vulnerabilities. However, thanks to NTA, we are able to track Neutrino’s steps and find the root cause of the infection. Let’s start with our scenario. We have three Windows computers active and at least one of them has an exploit kit injected. Our goal is to check whether any of the entities were infected. We’ll do it by analyzing the pickup file i ..read more
Hacks Weekly #49 Introduction to Boot Monitoring
CQURE Academy
by Social Cube
1y ago
By monitoring the boot process, one might detect a malware infection, as some malicious executables interfere with Windows system files accessed during system boot-up, resulting in a slower start. First of all, please make sure you have set up stack walking. If you have not done it yet, you can set it up with the command you can see below: C:\xperf>REG ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" -v DisablePagingExecutive -d 0x1 -t REG_DWORD -f What is more, you need to have an xperf folder as well, preferably on the C drive. ..read more
Hacks Weekly #47 Memory Dump
CQURE Academy
by Social Cube
1y ago
Memory dump in general is useful in order to investigate what’s running in our system memory. Everything, all information that was running before the crash is stored in our memory. For example, if there is any kind of malicious code that is running in the memory of a legitimate process, then you would be able to extract information and find that piece of code. Of course – when the memory dump was collected. We all know that a memory dump as well as a memory itself is volatile. Therefore, in order to perform the memory dump, you need to be sure that everything works smoothly. You need to have g ..read more