Cyberis Blog

Reassuringly clear thinking.

  • Cloud risk management
  • Remote working

When you outsource production, you may risk productivity

Gone are the days of anti-virus updates being applied only when a client is connected to a network segment that has visibility of the internal update services. In this new world, updates are pushed out quickly and automatically from a central cloud service, reducing the exposure time to any potential threat. The security benefit of automatic, fast updates to client systems is obvious. The downside, which can sometimes be measured in terms of productivity, is less so. Productivity benefits are generally why businesses adopt cloud-centric models that allow them to be agile. However, when we do this, we are at the mercy of these platforms. Global outages or incidents in large cloud platforms do not happen often, but when they do, especially at global scale, the ripples are felt everywhere.

Read more
  • Detect and respond
  • News
  • Tools and techniques

Exchange Zero Day - CVE-2022-41040 and CVE-2022-41082

Microsoft Exchange is one of the most popular enterprise email products and runs on Windows Server operating systems. In August 2022, researchers at GTSC discovered a flaw in Exchange which allows attackers to obtain remote code execution on affected systems. Critically, this vulnerability affects fully patched Exchange Servers, which makes it a zero-day vulnerability. These vulnerabilities have recently been confirmed by Microsoft as CVE-2022-41040 and CVE-2022-41082.

Read more
  • Penetration testing
  • Research
  • Tools and techniques

Bypassing IP based brute force protection with IPv6

Brute-force protections – designed to protect against attacks like password guessing – need to be carefully pitched and have associated pros and cons. Many popular protections these days rely upon monitoring and blocking malicious activity based on source IP address. In this blog post, we explore using IPv6 temporary addressing to bypass IP-based brute-force protection.

Read more
  • Cloud risk management
  • Cyber Essentials
  • Penetration testing
  • Remote working
  • Tools and techniques

Defining controls by expectation may result in exploitation

One of the significant factors influencing SMEs when selecting security controls is not pragmatic risk management and risk treatment, or even common industry frameworks, as you might imagine, but the security controls expected by customers. Supply-chain security management through due diligence activities is often a reasonable driver for this approach, but a one-size-fits-all approach can lead to weaker security models.

Read more
  • Penetration testing
  • Red teaming

Dead canaries in your network

When an adversary is inside your network, the faster you can detect and remove the intrusion the better. Even if you don't have a "network" per se – even if you are running a pure zero-trust environment – detecting an attacker at work early will give you the upper hand. Even with sophisticated EDR products in the mix, criminals can often introduce malware to an environment to gain a foothold in a way that isn't detected. Introducing malware and establishing a foothold is critical to criminal operations, so today's criminal gangs spend a great deal of time and resources on tradecraft and techniques to bypass the detective and preventative controls running on user workstations. Even with a really good set of tools in the hands of an experienced defence team, there is a good chance of criminals starting their attack chain without being caught. Using canaries can help you stay ahead.

Read more
  • Penetration testing
  • Tools and techniques

XSS is more than just <script>

Recently, we were examining an application that was protected by Cloudflare. We found a code injection point in a search field parameter, where it was possible to introduce data of our choosing, which looked like a good candidate for reflected cross-site scripting. With the protection afforded by the control layers in place, however, demonstrating a credible proof-of-concept meant using alternative methods.

Read more
  • Penetration testing
  • Tools and techniques

Sticky Keys - classic EUD device privilege escalation

Sticky Keys is an accessibility feature within Windows that assists users who have physical disabilities. Instead of having to press multiple keys at once, you can use one key by turning on Sticky Keys and adjusting the settings. However, the feature can be manipulated to elevate your local privileges. This technique is not new and has been around since the days of Windows XP, but it is still relevant if you have physical access to a device.

Read more
  • Cloud risk management
  • Research
  • Tools and techniques

Intune hacking: when is a "wipe" not a wipe

In this blog post we explore privilege escalation to SYSTEM with Intune managed devices, and how an Intune "Wipe" is not really a wipe at all.

Read more