• Maze Ransomware
    In late 2019 and early 2020 Maze Ransomware started its surge in attacks, but what is Maze ransomware, and how do they attack exactly? Maze Ransomware is a fairly recent concept in that it is an evolution of the “ChaCha” ransomware, but will also exfiltrate the data as well as encrypting it. By exfiltrating the…
  • Principles (reasons for effectiveness)
    Authority When a threat actor conveys authority as part of their social engineering, it could be from someone higher in the organisation or possibly IT, people tend to want to please their company and it makes it easier to get access or information from them. Intimidation Intimidation can be used by a social engineer in…
  • Types of Attacks
    • Social engineering Phishing Phishing is a method that attackers use in which they will send emails to a user, pretending to be from reputable companies, in order to get a user to either divulge information or assist the attacker in getting access. Spear phishing Spear Phishing is phishing attack but aimed with a specific…
  • Types of Malware
    Viruses Viruses are a specific piece of malware which replicates itself to further infect other devices, file systems and shares. It generally doesnt require anything to start the replication process, but usually requires some kind of execution to infect the host device. Crypto-malware Crypto-malware is a type of ransomware, which will encrypt all of the…
  • OWASP Top Ten: Number 08
    Insecure Deserialization Insecure Deserialization is when unknown or manipulated object is injected into a web application. This could be SQL injection, path traversal or any number of types of data in order to exploit the system. Insecure Deserialization can be prevented in applications by not accepting serialized objects from untrusted sources. You could also implement…