Cyberwarfare News Round-Up: April 2022

The Russo-Ukrainian was continues to rage on in both the physical world and cyberspace, providing an ongoing stream of events to analyze and new security threats to study. While the world is focused on this conflict, other threat actors remains active and mostly unreported.

What Is a Business Email Compromise (BEC) Attack?

a threat actor phishing a user via email

What Is a Business Email Compromise (BEC) Attack? A Business Email Compromise (BEC), sometimes called a “BEC attack”, begins with threat actors compromising and spoofing emails to impersonate an organization’s CEO, heads of departments, executives, or vendors. It has several characteristics similar to spear-phishing attacks: emails targeted towards a specific individual, enterprise, or business to […]

The Solfa Cipher (NSEC17 Write-Up)

NSecl logo

The Solfa Cipher Between May 19th and 21st, 2017, I’ve participated in the NSEC 17 Capture-the-Flag (CtF) event held annually in Montreal, QC. As usual, the team and I had a blast spending days and nights solving challenges and drinking free beer. Among the challenges was a two-part cryptographic puzzle printed on the first and last […]

Software Exploit Development – Fuzzing with AFL

Software exploit development with afl, peda and pwntools

It’s quite impressive to look back in the past to the early days of software vulnerabilities and observe the ongoing dance between new mitigation and new exploitation techniques. Powerful fuzzing tools are now commonplace and operated on a daily basis by IT corporations and security labs; either to find crashes in their software or others’ […]

Remembering the ‘Stakkato’ Hacks

a person typing on laptop-while-wearing a fingerless gloves

Philip Gabriel Pettersson, best known by the pseudonym of “Stakkato” can be said to have reached legendary status within the computer security community of his numerous successful breaches of high-level targets between 2003 and 2005. Then a 16-year-old hacker from Uppsala, Sweden, he successfully infiltrated systems of large universities, the United States military, NASA and […]