IOT is even more of a risk than you thought

GRIMM
GRIMM purchased a GeoVision camera that arrived off-the-shelf with security vulnerabilities, like most consumer IOT devices. The camera is a stand-in for any IOT device in a residential, industrial, or enterprise environment. The team ran a practical hands-on exercise at HackNYC, RSA, Hack the Capitol, and multiple BSides, where participants learn how to use a publicly available exploit to compromise an emulated home network. The team modeled the design and configuration of the hands-on exercise on a traditional use case:
Know Your Enemy: Botnet Command and Control Architectures

Hannah Atmer
What would you do if your company’s IT devices were discovered to be part of a botnet? In October 2018, dozens of companies’ Hadoop servers were found to be compromised and participating in a self-replicating botnet. The botnet’s malware was able to install itself via a vulnerability in Hadoop that had been publicly known for over two years [1]. Botnets are a significant threat to U.S. online infrastructure. According to Kaspersky Labs, the majority of cyber attacks originating from botnets in 2018 targeted financial services and online stores [2].
SCYTHE Goes Atomic

SCYTHE

The SCYTHE team is excited to announce that our latest release gives you the power of Atomic Red Team with all the automation and ease of use of the SCYTHE platform. Plus, you can now create and share your own SCYTHE threats allowing the ecosystem of adversary simulation to expand via the community!

Modern Authentication Bypasses

Michael Cosmadelis
*hacker voice* “I’m in” is a Hollywood-esque phrase you’ve probably heard before. But how does someone actually do that? Do you wear a hoodie and change your terminal text to bright green? You could, but that won’t be of much help. Bypassing authentication is when an attacker gains access to an application, service, or device with the privileges of an authorized user by evading the checks of an authentication mechanism [1].
Five Cybersecurity Questions for Boards or Investors

Ryan Leirvik
Boards of Directors and investors do not need to be technical experts to oversee or discover cybersecurity risk in organizations. They do, however, need to ask probing questions to ascertain the maturity level of, and fundamental challenges within, the way organizations understand and manage cybersecurity risk. In our interactions with Executive Board of Directors, Venture Capital Investors, and M&A due diligence analysts, a common question routinely surfaces when executives seek to understand a company’s cybersecurity risk: What do I need to ask to gain a true sense of how a particular organization understands and manages cybersecurity risk?
The Purple Team - Organization or Exercise

SCYTHE
As the cybersecurity industry continues to evolve, the use of certain terminology is changing and becoming more prevalent, such as the increased mention of Red Teams and Blue Teams inside boardrooms and IT departments. With the wider use of these terms, their definitions can become broad or confusing, sometimes being used interchangeably with other terms that may or may not be applicable. For example, a staff member may use the term “Red Team”; however, this could refer to either an internal team within that organization or an external penetration testing firm.
DNI Threat Assessment - Practical Guidance for your Company

Adam Nichols
Last week the Director of National Intelligence released a Worldwide Threat Assessment. It’s fairly short and to the point (only 42 pages), but I wanted to summarize it for those who don’t have time to read it and help apply it to enterprise defense. The two main things to take away from this report are: Threats: there are real threats against your organization; and Capabilities: it’s important to understand their capabilities.
Fileless Malware and the Threat of Convenience

SCYTHE

Many of the conveniences brought via modern tools, operating systems, and applications also bring means for an adversary to execute actions while under the guise of a valid service. This is seen distinctly in the increased use of Fileless Malware.

Paintball at the WMCAT Hub Debut

Abraham Jones
Paintball with a purpose. That was the theme for the 6th Annual Purple Event, hosted by the West Michigan Cyber Security Consortium (WMCSC) on October 10th at the West Michigan Center for Arts and Technology (WMCAT) facility. A purple-team cyber competition is unique in that it consists of teams made up of five offensive (red) and five defensive (blue) security professionals. They work together and share skills and knowledge in order to exploit, control, and secure assets within the live-fire virtual cyber city, Alphaville.