Cyberwarfare News Round-Up: April 2022

The Russo-Ukrainian was continues to rage on in both the physical world and cyberspace, providing an ongoing stream of events to analyze and new security threats to study. While the world is focused on this conflict, other threat actors remains active and mostly unreported.

What Is a Business Email Compromise (BEC) Attack?

a threat actor phishing a user via email

What Is a Business Email Compromise (BEC) Attack? A Business Email Compromise (BEC), sometimes called a “BEC attack”, begins with threat actors compromising and spoofing emails to impersonate an organization’s CEO, heads of departments, executives, or vendors. It has several characteristics similar to spear-phishing attacks: emails targeted towards a specific individual, enterprise, or business to […]

How to Report a Phishing Email using Outlook on the Web

Outlook logo

What is Phishing and Why is it Bad? Phishing is a term that refers to a digital attack that attempts to bait someone into a particular action. The connection to regular fishing (with an f) is straightforward: In real-life fishing, you bait the hook with a worm or lure in an attempt to convince a […]

Hack-a-Sat2 Write-Up – Tree in the Forest

hack-a-sat2 logo

Hack-A-Sat2: Tree in the Forest Introduction The Hack-a-Sat 2 qualifications were held online from June 26th, 2021 to June 27th, 2021. This CTF focused on the cybersecurity of spacecraft, namely satellites. As the global space race heats up, the need for securing space-based systems is growing, hence the U.S Air Force along with the U.S. […]

CVE-2020-9448 – XSS Vulnerability in the Digital Guardian Management Console

Digital Guardian Logo

CVE-2020-9448 – Authenticated Cross-Site Scripting in the Digital Guardian Management Console DeepCode reported a Cross-Site Scripting vulnerability in the Digital Guardian Management Console on 25th February 2020. The vulnerability results from a lack of input validation in the filtering feature of the “Policies & Rules” menu of the management console. Vulnerability in Filters The filtering […]

The Solfa Cipher (NSEC17 Write-Up)

NSecl logo

The Solfa Cipher Between May 19th and 21st, 2017, I’ve participated in the NSEC 17 Capture-the-Flag (CtF) event held annually in Montreal, QC. As usual, the team and I had a blast spending days and nights solving challenges and drinking free beer. Among the challenges was a two-part cryptographic puzzle printed on the first and last […]

Software Exploit Development – Fuzzing with AFL

Software exploit development with afl, peda and pwntools

It’s quite impressive to look back in the past to the early days of software vulnerabilities and observe the ongoing dance between new mitigation and new exploitation techniques. Powerful fuzzing tools are now commonplace and operated on a daily basis by IT corporations and security labs; either to find crashes in their software or others’ […]