While on-premises Active Directory environments are being hardened against threats (tiering model, network segmentation, admin bastions, domain controller hardening), attackers are now exploiting a new component to compromise their targets: cloud resources, particularly App Registrations linked to Microsoft 365 services.…
Wavestone was present during the 2025 edition of Barb'hack, a French cybersecurity conference happening yearly in Toulon. You will find below bits and pieces from what we deemed were the most interesting conferences. Keeping Responder Relevant: The Hidden Potential…
Over the past decade, cloud infrastructure such as Amazon Web Services (AWS), has been increasingly used to host critical infrastructure, manage sensitive data, and ensure global scalability. The shift to hybrid and cloud-native architecture has deeply transformed how infrastructure is…
LeHack is one of the oldest and most well-known security conventions in France. It took place from June 26th to June 29th, 2025. The technical presentations held throughout the convention provided an opportunity to explore some of the current cybersecurity…
Phishing attacks are as old as the Internet. However, over the years, the techniques and means for the phishing changes but the final goal is the same: getting an initial access to the internal network. Usually, threat actors try to…
For the last few weeks, I have been developing a full custom Command and Control (C2). This C2 uses several Windows DLL for network communication and specially the WINHTTP.DLL one to handle HTTP requests used for the HTTP and HTTPS…
1. Overview In an information system, applications are not equal. Some of them can be used as an entry point in the information system, others are used as compromise accelerators, and some are saved for post-exploitation. These applications are called…
Among the technologies that seemed like science fiction only a few decades ago and are now an integral part of the digital ecosystem, Facial Recognition (FR) holds a prominent place. Indeed, this tool is increasingly present in our daily lives:…
While studying internals of a mechanism used by all EDR software to get information about processes activities on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This…
Process injection is a family of malware development techniques allowing an attacker to execute a malicious payload into legitimate addressable memory space of a legitimate process. These techniques are interesting because the malicious payload is executed by a legitimate process…
