The cybersecurity landscape constantly changes, and so does CQURE Academy. We always keep an eye on the industry updates and come up with new ways of delivering juicy content for all the knowledge-seekers. This time, we would like to present the premiere of our brand new Hacks Weekly formula that we are adapting now: webinar replays!  We sometimes get asked about how our trainings look like. Instead of bombarding you with lengthy descriptions, we’ve decided it would be much better to show you the practical bit! You now have an exceptional chance to take a sneak-peek at our unique CQURE te ..read more

BLACK HAT ASIA 2024 AND OUR TRAINING This year’s Black Hat Asia edition will last from April 16th to April 19th, and the event is traditionally divided into four parts: Briefings, Arsenal, Trainings, and Executive Summit. Trainings provide opportunities for firsthand technical skill-building. Our course, “Advanced Hacking and Securing Windows Infrastructure”, which you will find in the Trainings section, is packed with practical knowledge from numerous successful projects, many years of real-world experience, excellent teaching skills, and no tolerance for misconfigurations or insecure solutio ..read more

Capturing live memory, also known as memory forensics, can be a valuable technique for cybersecurity professionals for several reasons. It can help with investigating advanced attacks by revealing hidden processes, network connections and other artifacts as well as supporting data recovery processes by revealing encryption keys, decryption routines or data remnants. Additionally, capturing live memory can be useful when determining the root causes of security incidents by providing information about the state of a system during the incident.  Live memory dumps can be really useful during ..read more

When we look at the definition of insecure data storage, this is simply referring to different data that is stored without the added protection, encryption or any other different security measures. It is crucial for applications that are developed by different development teams. Sensitive data is vulnerable when our protection techniques are not sufficient. When we are thinking about security methods, like pentesting web applications, we must consider the worst scenario – data breach. Passwords, names, and credit card numbers need secure mechanisms as business consequences of vulnerable data s ..read more

The first step is to install the Dumping Service.  In the video attached, we’re doing it by running CreateDumpingService.bat. We need to start the service by running sc start dumpingservice. Afterwards, we can see the start pending. We can check sc query dumpingservice. Now it is running. The next step is to open the PerfView.   We need to start a new collection by clicking Collect and Collect here. It enables us to start a new Collection. Next, let’s go back to the command prompt. Now we can send custom control commands to the service. Let’s do this by typing sc control dumping ..read more

2022 in the cybersecurity consulting world has been absolutely intense. Still, there is room for cybersecurity posture improvement. Besides the regular penetration tests that we deliver, we have also dealt with too many incidents happening on the Customers’ side. Even though every story is unique, they all have a couple of things in common. Here are the 10 things you should know about Incident Response and Forensics:   1. Incident response readiness is a key to successfully surviving the incident. That may sound like an obvious conclusion, however when looking into IBM research statistic ..read more

During the previous Hacks Weekly episode #52 Malware Analysis with AnyRun we went through analyzing malware inside the AnyRun cloud software. Besides AnyRun, cybersecurity professionals use different software and platforms to verify ransomware or test it. This time we will focus on hybrid-analysis.com, which has similar usage to the AnyRun website.  Our video starts with the main page where you can find a file’s name: owo_im_not_ransomware_xd.exe. It can be explored by searching the hash of the file. If we scroll down the page a little bit, we can also find the block of Anti-Virus Results ..read more

This time we’re going to talk about Azure AD Identity Protection and investigating risky events related to identities. We’re going to detect, analyze and decide what is happening with our users. First of all, let’s look at the Azure Portal. Let’s launch Portal.azure.com and go to Azure AD Identity Protection where we can see a few statistics related to protecting user identities. If we go into the User risk policy, then we can configure that by going into the Users -> All users. Here you’ve got the users that we would like to include in that particular policy. We can choose someone from the ..read more

Neutrino, one of the world’s most popular exploit kits, will be the base for our Hacks Weekly scenario. Its malicious code can be injected into legitimate resources – like websites – and compromise a computer through various vendor vulnerabilities.   However, due to NTA, we are able to track Neutrino steps and find the root that has caused the infection.  Let’s start with our scenario. We have three Windows computers active and at least one of them has an exploit kit injected. Our goal is to check if any of entities were infected.  We’ll do it by analyzing the pickup file i ..read more

By monitoring the boot process, one might detect a malware infection as some of the malicious executables interfere with Windows system files accessed during the system boot-up resulting in a slower start of it.  First of all, please make sure you have set up stack walking. If you have not done it yet, you can set it up with the command you can see below:  C:\xperf>REG ADD “HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management” -v DisablePagingExecutive -d 0x1 -t REG_DWORD -f What is more, you need to have an xperf folder as well, preferably on the C Drive.&n ..read more