Just some days ago, a fake INEC recruitment portal shows up in our space. And several media houses have reported INEC issuing a disclaimer around […]
Category: Vulnerability
Bypassing AV with Hoaxshell – Windows Defenders
T3l3machu recently released Hoaxshell and Villain, both of which are excellent tools that easily make it to our red team operations arsenal. What makes these […]
Follina – An Actively Exploited Microsoft Zero-Day
CVE-2022-30190 dubbed Follina is a zero-day, “zero-click” (if saved as .rft) remote code execution technique used through MSDT (Microsoft Diagnostics Tool) and Microsoft Office utilities […]
Wazuh Enabling SOC Meet Deliverables
In this blog post, we shall be reviewing how Wazuh can be used to deliver some of the capabilities expected from a Security Operation Center. […]
Log4j Vulnerabilities & Mitigations
Log4j Vulnerability Documentation What is Log4j? Log4j is a widely used java-based logging library, It is part of the Apache Logging services. Log4j is a […]
Defending against account takeover (ATO) attack.
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials. A successful […]