Cyberwarfare News Round-Up: April 2022
The Russo-Ukrainian was continues to rage on in both the physical world and cyberspace, providing an ongoing stream of events to analyze and new security threats to study. While the world is focused on this conflict, other threat actors remains active and mostly unreported.
INTSUM: Russia-Ukraine Conflict in Cyberspace
The ongoing conflict between Russia and Ukraine has been the main highlight of March 2022, generating a significant increase in online activity. As a majority of the world united against Russian aggression, multiple hacktivist groups have targeted Belarusian and Russian institutions
How to Report a Phishing Email using the Outlook App
This short post provides a step-by-step guide into reporting phishing emails using the Outlook application.
What Is a Business Email Compromise (BEC) Attack?
What Is a Business Email Compromise (BEC) Attack? A Business Email Compromise (BEC), sometimes called a “BEC attack”, begins with threat actors compromising and spoofing emails to impersonate an organization’s CEO, heads of departments, executives, or vendors. It has several characteristics similar to spear-phishing attacks: emails targeted towards a specific individual, enterprise, or business to […]
How to Report a Phishing Email using Outlook on the Web
What is Phishing and Why is it Bad? Phishing is a term that refers to a digital attack that attempts to bait someone into a particular action. The connection to regular fishing (with an f) is straightforward: In real-life fishing, you bait the hook with a worm or lure in an attempt to convince a […]
Hack-a-Sat2 Write-Up – Tree in the Forest
Hack-A-Sat2: Tree in the Forest Introduction The Hack-a-Sat 2 qualifications were held online from June 26th, 2021 to June 27th, 2021. This CTF focused on the cybersecurity of spacecraft, namely satellites. As the global space race heats up, the need for securing space-based systems is growing, hence the U.S Air Force along with the U.S. […]
CVE-2020-9448 – XSS Vulnerability in the Digital Guardian Management Console
CVE-2020-9448 – Authenticated Cross-Site Scripting in the Digital Guardian Management Console DeepCode reported a Cross-Site Scripting vulnerability in the Digital Guardian Management Console on 25th February 2020. The vulnerability results from a lack of input validation in the filtering feature of the “Policies & Rules” menu of the management console. Vulnerability in Filters The filtering […]
CVE 2020-6171 – Cross-Site Scripting in CLink Office v2
DeepCode discovered a Cross-Site Scripting (XSS) vulnerability in CLink Office via parameter injection. As of 18 January 2020, a simple Google search returned 2,500 web servers using the application, mostly in Hong Kong.
Exploit Development with AFL, PEDA and PwnTools
In this tutorial, we expand on our previous article on AFL by developping a simple exploit using PEDA and Pwntools.
The Solfa Cipher (NSEC17 Write-Up)
The Solfa Cipher Between May 19th and 21st, 2017, I’ve participated in the NSEC 17 Capture-the-Flag (CtF) event held annually in Montreal, QC. As usual, the team and I had a blast spending days and nights solving challenges and drinking free beer. Among the challenges was a two-part cryptographic puzzle printed on the first and last […]