Blog Entries

15. 03. 2024 Luca Zeni Blue Team, SEC4U

SATAYO and SOC: in the new midlands

This article explains how the Cyber Threat Intelligence platform, SATAYO, serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO’s internal resources for creating Detection Rules and managing SOC Alerts. Additionally, we will examine how the logs in the…

Read More
11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released the TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity, including unauthenticated RCE. CVE Number CVSS Score…

Read More
20. 02. 2024 Massimo Giaimo SOCnews

SOC News | Feb 20 – Lockbit Infrastructure Seizure

On 19 February, through an operation coordinated by the National Crime Agency (NCA), a large part of the infrastructure of the Lockbit ransomware gang was seized. The ransomware gang, active since 2019, is undoubtedly best known within the field of double extortion ransomware attacks, having published claims relating to 2,591 attacked organizations over the years….

Read More
09. 02. 2024 Massimo Giaimo SOCnews

SOC News | Feb 07 – FortiOS Critical Vulnerabilities

On February 8, 2024, Fortinet disclosed 2 critical vulnerabilities which could allow remote code or command execution. The vulnerabilities are as follows: FortiOS – Format String Bug in fgfmd, with CVSS severity 9.8 The versions prone to this vulnerability are: Version Affected Solution FortiOS 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above FortiOS 7.2…

Read More
03. 02. 2024 Massimo Giaimo SOCnews

SOC News | Feb 04 – AnyDesk Compromise

Starting February 1st, rumors regarding a possible compromise of AnyDesk began to circulate online. These rumors became more insistent as the contents of the January 29 Release Notes were noted. What initially appeared to be just normal maintenance activity on Anydesk’s infrastructure was later revealed to actually be a compromise. AnyDesk has in fact made…

Read More
25. 01. 2024 Massimo Giaimo SOCnews

SOC News | Jan 01 – Kasseika Ransomware Uses BYOVD in His TTP

Kasseika Threat Actor has joined the club of Threat Actors that currently use Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus/EDR software before carrying out malicious activities, such as encrypting files. Kasseika abuses the Martini driver, part of the TG Soft’s VirIT Agent System. By using BYOVD attacks, the malware gains privileges it…

Read More
04. 01. 2024 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | Second Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

Read More
24. 12. 2023 Massimo Giaimo SOCnews

SMTP Smuggling – A Quick Summary

SEC Consult researchers showed that some software allows a bad actor to inject a specially crafted email message concealing a second message hidden inside the body of the original message. This passes into the inbound SMTP server, which interprets the text as a separate second message. The attack relies on incorrect handling of the <CR><LF>.<CR><LF> sequence of…

Read More
22. 12. 2023 Giacomo Giallombardo ctf-writeups, SEC4U

WP-CTF23 Write-up, OSINT Challenges

During WP-CTF 2023 hosted at Würth Phoenix headquarters, a fresh set of CTF challenges were unveiled. These challenges spanned various fields, including OSINT, Digital Forensics, and Blockchain investigations. In this article, I’m going to delve into the solutions for some challenges presented by the Würth-Phoenix security team. THE FIRST CHALLENGE The first challenge, titled “There…

Read More
20. 12. 2023 Massimo Giaimo Exposure Assessment, SEC4U

EPSS implementation in SATAYO

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild , as my colleague Beatrice Dall’Omo has already had the opportunity to talk about in this article. EPSS was developed by FIRST (https://www.first.org/epss/) with the aim of assisting those responsible…

Read More
14. 12. 2023 Massimo Giaimo SEC4U

Enrichment of the Ransomfeed Project

There are community projects that, once implemented, become true points of reference. One of these is certainly the DRM – Dashboard Ransomware Monitor project. This project, founded by Dario Fadda in 2020, monitors ransomware groups through scraping activities, to store claims regarding victims within a permanent RSS feed. However not everyone knows that starting from…

Read More
16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Do Without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others.  There is no…

Read More
30. 10. 2023 Mirko Ioris Blue Team, Red Team, SEC4U

Adding SOAR Features to the SOC – Part 1: Vulnerability Management

Security Orchestration, Automation and Response (SOAR) is a set of functionalities used by the SOC team to automate security activites, improve workflow management and share threat intelligence data. Security Operation Centres (SOCs) can leverage SOAR to gain in-depth knowledge of the threats they face, trigger automatic responses to security issues and achieve better efficiency. In this…

Read More
26. 10. 2023 Luca Zeni Blue Team, SEC4U

From Chaos to Case: How SLAs Make Life Better!

One of the primary responsibilities of a Security Operation Center (SOC) is to effectively manage issues related to monitoring the security perimeter. This involves the meticulous analysis of alerts, the creation of subsequent cases, and if necessary, the escalation of incidents to the client through ticketing systems or, in some cases, the closure of incidents…

Read More
01. 10. 2023 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USER GROUP 2023… #italianedition

The event of the year, the NetEye User Group, is back! The User group is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year the NetEye Usergroup took place in Rocca Sveva, a centuries old villa located in…

Read More

Archive