Research Blog

These articles are for technical teams, showing some of our recent findings and research. Each of these articles provides a detailed breakdown of something we have either used in the wild or have worked on in an effort to create new TTPs and contribute to the cyber community.

Threat Hunting 101

First of all, it is necessary to define what threat hunting actually means in the cybersecurity world. In today’s ever-changing cybersecurity landscape, threat hunting is a proactive approach to identify and neutralise malicious activities that may bypass traditional defences. Unlike traditional reactive security strategies, which focus on responding to known […]

Navigating the Maze of Security Alerts: First Steps into Effective Triage

Have you ever encountered a security alert in your environment and wondered: ‘What is this? How should we investigate it?’ In this article, we’ll aim to simplify the process of triaging an alert and provide best practices to identify malicious activity efficiently.

Protecting Assets Behind CloudFront

One of the most common ways of bypassing a Web Application Firewall (WAF) involves finding out the backend servers’ address and connecting to it directly. An IP can be leaked in many ways, including DNS history, HTTP headers, cookies, virtual host routing with shared infrastructure, stack traces leaking source code, […]

Building a Research Environment for Log4j

Given its widespread adoption rate and the challenge enterprises face in tracking down where it is being used, Log4j will likely continue to be a relevant attack vector for quite a long time. Because of this, we decided to showcase how one would go about building a local lab that […]

Analysing and Reproducing PoC for Log4j 2.15.0

Shortly after the release of the patch for CVE-2021-44228, bundled by Apache as Log4j 2.15.0, researchers already found ways of bypassing the fix: CVE-2021-45046. In particular, in less than a couple of days a new vulnerability was discovered; it was initially rated 3.7 and later elevated to 9.0. Needless […]

Logging Raw HTTP Requests in Python

Quite often, during our red team engagements, we find ourselves in a situation where we need to carry out web research and exploitation over several chained proxies. To that end, to be able to do any reasonable web testing we need to be able to see the requests we send […]
