Blog Entries

21. 12. 2025 Luca Zeni Events

Infection Chain – Feedback and Improvement

This is the second part of my series about a challenge I developed for the WPCTF. In the first article (Infection Chain – Behind the Scenes), I talked about my experience participating in the WPCTF from a different perspective: not as a player, but as a challenge creator. I introduced the idea behind my challenge…

20. 12. 2025 Luca Zeni Blue Team, CTF Writeups

Infection Chain – Behind the Scenes

The year is almost over and there’s one thing that always marks this period: the end of one of our biggest and most hyped events. You probably already know what I’m talking about… but just in case you don’t (or even worse, have no idea what the most awaited event of the year is) let…

15. 12. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction: Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

17. 11. 2025 Luca Zeni Blue Team, Events, Red Team

SANS 504 – A New Experience in London

My SANS Course in London – April 2025: Back in April, I had the opportunity to attend a SANS course in London. More precisely, SANS 504: Hacker Tools, Techniques, and Incident Handling. The course ran from April 7th to April 12th, and those six days were intense, exciting, and surprisingly fun in ways I didn’t…

04. 11. 2025 William Calliari Contribution, Icinga Web 2

Reconstructing Protected or Hidden Custom Variables in Icinga DB Web

Recently Icinga DB Web had a new security release, fixing a vulnerability where protected or hidden custom variables could be inferred by any user with object visibility by abusing comparative filters on those hidden variables.

03. 07. 2025 Federico Corona Red Team, SEC4U

Security Assessment: More Than a Test… A Training Opportunity for the IT Team

When we talk about security assessments, the first thing that comes to mind is a snapshot of a company’s security posture: vulnerabilities, misconfigurations, uncontrolled access, and so on. But reducing these activities to a mere “test” means missing a key strategic opportunity: turning every assessment into the possibility of helping the internal IT team grow…

27. 06. 2025 Davide Spano Azure, Microsoft

Secure Network Integration for Secrets in Microsoft Azure

Scenario: Introduction. Think of an organization that maintains most of its IT infrastructure on Azure. It applies a segmentation strategy by branch office, where the assets underlying each regional branch office are deployed to their specific landing zone subscription, i.e. SUB-BRANCH-A, SUB-BRANCH-B, etc. The landing zones share the same Microsoft Entra ID Tenant as their…

02. 06. 2025 Mattia Codato Development, Front-end, Icinga News, Icinga Web 2, NetEye, PHP

Content Security Policy (CSP) + NetEye 4.42

In the latest update to NetEye 4.42, we’re excited to announce the introduction of support for the Content-Security-Policy (CSP) header within the Icinga Web 2 interface. This enhancement plays a crucial role in strengthening your system’s defenses against cross-site scripting (XSS) attacks by controlling what resources a browser is allowed to load. What is Content…

28. 03. 2025 Davide Spano Azure, Microsoft

Premium Data Security on a Budget with Azure

Let’s assume we have the following reference scenario, which we’ll use just for simplicity: A fictitious commercial freight business moves large volumes of goods all over Europe. It has two legally registered offices, one in the Netherlands (Western Europe) and the other in Ireland (Northern Europe), where the accounting departments are located. The business’ board…

25. 11. 2024 Mattia Codato CTF Writeups, Events

WP CTF 2024: Another Successful Edition!

The 2024 edition of the WP CTF has ended, and we are thrilled to announce its resounding success! This year, approximately 80 participants formed teams from across Europe, including Greece, Germany, Austria, and the Netherlands. Staying true to tradition, WP CTF 2024 featured a Jeopardy-style competition with diverse categories such as AI, Cryptography, OSINT, Web,…

05. 08. 2024 Simone Ragonesi Artificial Intelligence, Offensive Security, Red Team

Exploiting the Matrix: Offensive Techniques for Attacking AI Models

There’s no way around it: Artificial Intelligence is reshaping our world in profound ways, and it’s here to stay. In recent years we’ve entered a golden age for specialized hardware and algorithms suited to enhance machine learning models. These technologies are now bringing significant advances across various sectors, from finance to healthcare, from e-commerce to…

31. 07. 2024 Mirko Ioris SEC4U, SOCnews

July 19 – The Day Cyber Security Almost Caused a Global IT Blackout

On Friday morning, July 19th, a major computer outage caused problems in Microsoft computers all over the world. There were delays and flight cancellations at several airports, and malfunctions in the computer systems of banks, shops, hospitals and the media. The IT blackout was caused by a faulty update released for Falcon Sensor, the EDR…

15. 03. 2024 Luca Zeni Blue Team, SEC4U

SATAYO and SOC: in the New Midlands

This article explains how the Cyber Threat Intelligence platform SATAYO serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO’s internal resources for creating Detection Rules and managing SOC alerts. Additionally, we will examine how the logs in SIEM…

04. 01. 2024 Mirko Ioris Blue Team, SEC4U

Hacker Group Activities and Cyber Security Concerns | Second Semester 2023

A Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…

11. 12. 2023 Mattia Codato Events

WPCTF 2023: Our Journey in Organizing a Capture The Flag Event

On November 25th, in collaboration with the universities of Verona, Padova, Trento, and Bolzano, we hosted the WPCTF event—a thrilling Capture The Flag (CTF) competition that engaged over 50 cybersecurity enthusiasts. In this blog post, we’ll explore our journey in organizing the event, focusing on the technical aspects that made WPCTF a memorable success…

