This post contains information and data related to an on-going investigation of Microsoft Exchange Zero-Day ProxyLogon and associated vulnerabilities actively exploited and attributed to HAFNIUM. Any changes and edits made to this blog post will be noted at the top of the post. Update list 2021-03-08 16:29 CET – Added web shell details 2021-03-09 11:20 […]
Vad är egentligen ett red team-test och varför behöver man göra det i sin organisation? Här reder vi ut begreppet red teaming – en sorts ”etisk hacking”. Målet är att identifiera en organisations sårbarheter för cyberattacker.
Sometimes, things just do not work out as planned. Last week’s Truesec Tech Talk was one of those things. We are sorry that some of our viewers did experience technical difficulties connecting – and that our demos did not play accordingly. We have investigated the issues and are working closely with the platform provider to […]
I’ve spoken all around the world about different patching challenges. Somehow even after years of patching, reporting is still a challenge. Today, I want to take a different tack, and instead of attacking the technical aspects try to explain the higher-level challenges for management. To do this we are going to approach this from two […]
So, you want to play with that shiny new ReST API you’ve discovered but in doing research on consuming ReST APIs with PowerShell you’ve discovered two different cmdlets. Which one do I use? Which one is best? These are the same questions I had about 8 months ago. Invoke-WebRequest The Invoke-WebRequest cmdlet sends HTTP, HTTPS, FTP, and […]