Blog Entries

16. 11. 2022 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USER GROUP 2022… back again! #italianedition

The event of the year, the NetEye User Group, is back again, in person! The User Group is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year’s NetEye User Group took place in the beautiful city of Verona…

18. 10. 2022 Mirko Ioris CTF Writeups, SEC4U

Description of a Forensics Challenge – HTB Business CTF 2022

For those who don’t know, several of us at Wuerth-Phoenix often participate in Capture The Flag (CTF) events. CTFs are programming challenges where a message (the flag) is hidden somewhere inside code, an application or a website. Usually they are divided into different categories, and within this article we’ll focus on a forensics challenge. I…

17. 10. 2022 Camilla Biamino Events, NetEye, SEC4U, Service Management

NetEye User Group 2022 in Verona 👁‍🗨

Here we go again! 🤩 Join us for the physical NetEye User Group, Italian edition, on 9th November 2022, from 9.30 AM to 5 PM at the Winter Garden Crowne Plaza in Verona! A day full of vITality! After a welcoming introduction, you’ll get to know all the news and strategic info about NetEye and…

19. 09. 2022 Elena Valgoi Events, NetEye, SEC4U, Unified Monitoring

NETEYE USERGROUP 2022… NUREMBERG EDITION!

After two years of online events, we finally managed to organize a live event in Germany! And it was a huge success! The Usergroup is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This year’s NetEye Usergroup took…

31. 08. 2022 Camilla Biamino Events, SEC4U, Webinar

Elastic and the Cyber Security of Würth Phoenix

🛡️ A remarkable synergy was created between our SATAYO platform and the Elastic solution, which generated the first solution capable of covering even the most important phase of the attack: reconnaissance. Curious? Sign up for the seminar 👇🏼

09. 08. 2022 Camilla Biamino Events, NetEye, SEC4U, Service Management

NetEye User Group 2022 in Nuremberg ⛅️

Our yearly NetEye User Group is back! After two years of online User Groups, we are finally back with THE event! This year, our NetEye User Group DACH 2022 will take place in the Zukunftsmuseum in Nuremberg with a major focus on cyber security, a topic that is more relevant than ever! Our speakers will talk…

05. 08. 2022 Elena Valgoi Blue Team, Events, Exposure Assessment, Red Team

BLUE or RED TEAM? #makeyourchoice ~HACKINBO EDITION

Ever heard of HackInBo? HackInBo is the main event in Italy for the cyber security community, bringing together (for almost 10 years now!) hundreds of passionate attendees for two days in Bologna…. We were there on May 27th and 28th… and it was an amazing experience! This year, and for the first time, the event…

14. 06. 2022 Mirko Ioris Red Team, SEC4U

How People Reacted to Follina, the New 0-day

Zero-day vulnerabilities pose a serious threat in the field of cybersecurity. These flaws are usually discovered and exploited by criminals before security researchers even know of their existence. Because of this, we call them 0-day. It indicates the amount of time the “good people” have had to study and solve the problem. So if this…

19. 05. 2022 Mattia Codato CTF Writeups, Development

Cyber Apocalypse CTF 2022 – Red Island Writeup

The Cyber Apocalypse CTF is back with the 2022 edition. It’s a Jeopardy-style competition organized by Hack The Box and is open to everyone. Together as a security-focused guild (a concept taken from the Spotify model) we here at Würth Phoenix participated in this challenge and in particular I focused on the web challenges. After…

18. 05. 2022 Massimo Giaimo Blue Team

Correlation Between the Most Exploited CVEs and Detection Rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…

17. 05. 2022 Massimo Giaimo Blue Team, SEC4U

A Look Inside Dark Angels Negotiation and Some Details about Their TTP

Starting from a static analysis done by Cyble Research Lab (https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/) of ransomware called Dark Angels, we gained evidence about the activities of the Dark Angels ransomware group. An OSINT analysis carried out by our Würth Phoenix team helped to reach the Ransom Operator blog and one of the victim pages. Based on the evidence…

22. 03. 2022 Mattia Codato CTF Writeups, Development

CTF Insomni’hack Teaser 2022 ─ Vault Challenge

On January 29th, I attended my first CTF (capture the flag) competition: the Insomni’hack teaser. Based on my skills, I decided to go for the challenge called Vault which consists of a web-based vault of five pages: a home page, one where you can see the key/value pair you entered after logging in, a page for…

17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

13. 01. 2022 Simone Cagol Blue Team

Sigma Rule Crawler Project

Within our Attacker Centric Security Operation Center, we look for the best detection rules every day to help you detect attack scenarios. One of the most important projects that we use as a source in this area is without doubt that of Sigma Rule (https://github.com/SigmaHQ/sigma). The project, founded by Florian Roth (https://www.linkedin.com/in/floroth/), has almost 300…

28. 10. 2021 Simone Cagol Blue Team, Exposure Assessment, SEC4U

Cyber Threat Intelligence: Enrichment with SATAYO IoC

One of the important elements of Cyber Threat Intelligence activity is the verification of IoCs (Indicators of Compromise) that can identify threats that can create an impact on your organization. In parallel to our OSINT and Cyber Threat Intelligence SATAYO platform we have implemented the SATAYO IoC database which currently has about 900,000 elements. Among…
