-

MFA Bypass – how frameworks like Evilginx are giving threat actors the tools to succeed.
Hopefully it is well known by now that two-factor/multi-factor authentication (MFA) is not a silver bullet for all your cyber problems. The tooling – Evilginx: I previously wrote about Evilginx and how we are starting to see it more and more, even though the original tool was developed back in 2017: https://github.com/kgretzky/evilginx2 What is it? Evilginx…
-

AISA CyberCon 2023
Another year, another Australian Information Security Association (AISA) CyberCon in Melbourne! Always super excited to head down and watch the talks of what the cyber people have uncovered over the past 12 months. Although I didn’t get to nearly as many talks as I would have liked, with so many streams it was hard to…
-

Phishing emails – a breakdown from an Incident Responder getting phished: Part 1.
Finally! A phishing 🎣 email targeted at me to analyse – let’s jump in. This phishing email 📧, and three identical replicas, slipped through our email filter and hit my Inbox. Intrigued by my first Gridware phishing email, I’ve taken a closer look at the email and its contents 🕵️‍♂️. Some interesting points to this…
-
Microsoft Entra – adversary token collection
Great post by Dirk-jan Mollema on token collection via phishing by an adversary: https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/
-

Evilginx and Evilginx pro
Working on a BEC with an MFA bypass looking likely, and stumbled upon a common framework utilised for this attack – Evilginx. The creator of Evilginx shared an interesting demo of how you can be easily phished on LinkedIn, and it even bypasses MFA. These types of attacks are becoming increasingly popular. https://twitter.com/mrgretzky/status/1706735382698582026?s=56&t=-dkNDSDHEzyAagaVN0SDgA This morning…
-
Pizza Hut Australia hit by potential cyber incident
Another day, another Aussie org hit by a cyber incident. Source: https://www.databreaches.net/pizza-hut-australia-customer-data-hacked-shinyhunters-claims-to-have-more-than-1-million-customers-information/
-
SANS 2023 Incident Response survey
Some interesting key takeaways: Link to read the full report here: https://www.sans.org/white-papers/2023-survey-event-incident-response/
-

Invictus Incident Response – AWS Incident Response
Great new tooling put together by the IIR team!! Excited to test this one. https://invictus-ir.medium.com/automated-aws-incident-response-the-next-episode-6d766d95d4f6 GitHub repo: https://github.com/invictus-ir/Invictus-AWS
-

The anatomy of a forensic investigation
Yesterday some of the Gridware DFIR team had the pleasure of visiting and presenting to the Clyde & Co cyber team on the anatomy of a forensic investigation. Thanks for having us!
