Writing a stealer logs parser
Mon 08 July 2024
This blog post introduces a tool that extracts stolen credentials from text files coming in varying formats in order to address CTI and Red Teaming needs.
XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)
Wed 14 June 2023
A pre-authentication remote code execution on Fortigate SSL VPN was discovered by Lexfo (CVE-2023-27997).
CVE-2023-27997 - Forensics short notice for XORtigate
Tue 13 June 2023
Some feedback on what we observed during forensic analysis of the pre-auth RCE on Fortigate VPN (CVE-2023-27997) in our test environment.
Sshimpanzee
Fri 24 March 2023
Sshimpanzee, a reverse SSH tool with encapsulation feature.
Cobalt Strike Investigation - Part 2
Thu 09 March 2023
This second part will focus on the 'jump' command in Cobalt Strike, used to establish a connection from a compromised system to the command and control (C2) server.
Cobalt Strike Investigation Part 1
Tue 20 September 2022
Cobalt Strike Investigation - Part 1
Obfuscated obfuscation
Mon 11 April 2022
This article is a step-by-step guide to reversing an APK protected with DexGuard using Jadx.
AvosLocker Ransomware Linux Version Analysis
Wed 02 March 2022
AvosLocker analysis
Visit also our blog dedicated to web security research