Blog Entries

18. 05. 2022 Massimo Giaimo Blue Team

Correlation between most exploited CVEs and detection rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make available information relating to detection rules that are already available within…

Read More
17. 05. 2022 Massimo Giaimo Blue Team, SEC4U

A look inside Dark Angels negotiation and some details about their TTP

Starting from a static analysis done by Cyble Research Lab (https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/) of ransomware called Dark Angels, we gained evidence about the activities of the Dark Angels ransomware group. An OSINT analysis carried out by our Würth Phoenix team helped to reach the Ransom Operator blog and one of the victim pages. Based on the evidence…

Read More
17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

Read More
23. 09. 2021 Massimo Giaimo Exposure Assessment, SEC4U

Exposure Assessment: Straight to the Point!

In this second post on the Exposure Assessment topic we’ll start from the end! We’ve just put into production, within our OSINT & Cyber Threat Intelligence SATAYO platform, an internal search engine that aims to simplify the search for evidence within the platform itself. This is a development that has been particularly requested by those…

Read More
02. 09. 2021 Massimo Giaimo Exposure Assessment, SEC4U

Exposure Assessment: Know the Attack Surface

This is the first in a series of articles that aims to technically describe the various objects collected within our Exposure Assessment activity, based on our OSINT & Cyber Threat Intelligence SATAYO platform. Its functionalities and the elements make it a fundamental tool for all organizations wishing to continuously monitor their exposure within public domain…

Read More
09. 07. 2021 Massimo Giaimo Blue Team, SEC4U

Analysis of a Dark Web site

In this article we will see together how to perform an analysis of a site present on the Dark Web and more precisely of a site present within the Tor network. Our point of reference will be the site of the Avos ransomware gang, which has just started its cyber criminal activity a few weeks…

Read More
02. 07. 2021 Massimo Giaimo Red Team, SEC4U

PrintNightmare – A Good Opportunity for the Red Team

The goal of this article is to present the point of view of the Red Team SEC4U at Würth Phoenix regarding the ominous PrintNightMare vulnerability that has been talked about so much in recent days. A summary for those who did not receive hardly any information about this: it’s a weakness in the Microsoft Windows…

Read More
12. 03. 2021 Massimo Giaimo Blue Team, Log-SIEM, SEC4U

Microsoft Exchange 0-Day: Let’s Look at the Facts!

I’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…

Read More
17. 04. 2020 Massimo Giaimo Asset Management, NetEye

Integrating phpIPAM into NetEye 4

Introduction In this article I will show you how to use phpIPAM (https://phpipam.net/), an open source IP address management project, as an import source database for NetEye. The goal is to use hosts you have already configured separately in phpIPAM and import them into NetEye. This allows you to take advantage of the powerful and…

Read More
03. 09. 2019 Massimo Giaimo Events, Log-SIEM, NetEye, Service Management

NetEye SIEM: The Attacker’s Point of View

In our ethical hacking activities there are three different phases in which we clash with the themes of SIEM: PLANNING – The phase prior to the activity where we define the scope of engagement, be it for a Vulnerability Assessment, a Penetration Test or simulating a real attack CHALLENGE – The activity, corresponding to Vulnerability…

Read More
19. 09. 2017 Massimo Giaimo Information Security Operations Center, NetEye

Vittime di attacchi cibernetici? NetEye e Kibana possono aiutarvi!

La sicurezza informatica rientra tra le principali priorità di ogni CIO. Gli attacchi cibernetici sono ormai una realtà che va affrontata quotidianamente. Sempre più aziende rientrano tra le vittime dei cosiddetti cybercrime dovendo, loro malgrado, pagarne le conseguenze in termini finanziari, operativi e di reputazione. Ecco perché cercare di strutturare meglio le difese, aumentando l’efficienza…

Read More
19. 09. 2017 Massimo Giaimo Information Security Operations Center, NetEye

Do you want to prevent cyber-attacks? NetEye and Kibana can help.

IT security is one of the highest priorities for every CIO. Cyber-attacks are now a reality that we must deal with on a daily basis. More and more organizations have been the victims of so-called cybercrimes that are the cause of financial losses, operational problems and consequences to the company’s reputation. That is why trying…

Read More
19. 09. 2017 Massimo Giaimo Log-SIEM, NetEye

Do you want to prevent cyber-attacks? NetEye and Kibana can help.

IT security is one of the highest priorities for every CIO. Cyber-attacks are now a reality that we must deal with on a daily basis. More and more organizations have been the victims of so-called cybercrimes that are the cause of financial losses, operational problems and consequences to the company’s reputation. That is why trying…

Read More
13. 12. 2016 Massimo Giaimo NetEye, Real User Experience

Überwachung eines Remote Banking Dienstes mit Alyvix und NetEye

Massimo Giaimo, Senior System & Netzwerk Administrator bei IBT, teilt seine Erfahrungen mit Alyvix und NetEye. Welches sind die jüngsten und bedeutendsten Veränderungen im Bereich Application Monitoring? Jahrelang haben IT-Abteilungen Performance Monitoring Strategien implementiert, denen primär die Überwachung der System-Uptime zugrunde lag. Erst in letzter Zeit haben Unternehmen erkannt, dass es nicht immer ausreicht die Verfügbarkeit der…

Read More
13. 12. 2016 Massimo Giaimo NetEye, Real User Experience

Remote Banking Monitoring con Alyvix e NetEye

Massimo Giaimo, Senior System & Network Administrator in IBT, condivide la propria esperienza d’uso di Alyvix e NetEye. Quali sono i cambiamenti recenti più significativi dal punto di vista del monitoraggio di applicazioni? Per decenni i reparti IT si sono occupati principalmente del controllo delle prestazioni attraverso gli uptime dei sistemi che erogano i servizi…

Read More

Archive