Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by… — By Konstantin Molodyakov Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…

Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. — Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. In protecting against the exploit of Log4Shell, you need to know what applications are vulnerable to this attack, which is a rather difficult task. …

We are seeing a surge in Business Email Compromise (BEC) attacks. BEC attacks are not new or uncommon, but this wave has caught our… — We are seeing a surge in Business Email Compromise (BEC) attacks. BEC attacks are not new or uncommon, but this wave has caught our attention because of its scale. Many affected companies have been contacting us since June, and all the attacks share several key patterns.

The article written by Anton Medvedev, reviewed by Vadim Khrykov — The article written by Anton Medvedev, reviewed by Vadim Khrykov Our previous article focused on the different techniques used to detect ProxyLogon exploitation. This time we will talk about the techniques used to detect other notorious MS Exchange Server vulnerabilities, namely CVE-2020–0688, CVE-2020–16875 and CVE-2021–24085. Although these vulnerabilities are not…

By Maxim Suhanov, 2021 — By Maxim Suhanov, 2021 Introduction to Boot Security There are two major concepts for boot security: verified boot and measured boot. The verified boot process ensures that components not digitally signed by a trusted party are not executed during the boot. This process is implemented as Secure Boot, a feature that blocks unsigned, not…

The article was prepared by BI.ZONE Cyber Threats Research Team — The article was prepared by BI.ZONE Cyber Threats Research Team This is not the first time we have come across a cybercriminal group that pretends to be a legitimate organisation and disguises its malware as a security analysis tool. …

By Anton Medvedev, Demyan Sokolin, Vadim Khrykov — By Anton Medvedev, Demyan Sokolin, Vadim Khrykov Microsoft Exchange is one of the most common mail servers used by hundreds of thousands of companies around the world. Its popularity and accessibility from the Internet make it an attractive target for attackers. Since the end of 2020, we have recorded a…

By Innokentii Sennovskii — By Innokentii Sennovskii How long can it take to register a vulnerability? We are quite used to bug bounties, where most of the time you just have to wait for the company in question to triage your report, and that’s it, now you have a CVE. However, if the company…

By Konstantin Molodyakov — By Konstantin Molodyakov A file structure is a whole fascinating world with its own history, mysteries and a home-grown circus of freaks, where workarounds are applied liberally. If you dig deeper into it, you can discover loads of interesting stuff. In our digging we came across a particular feature of…