While studying internals of a mechanism used by all EDR software to get information about processes activities on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This…
Process injection is a family of malware development techniques allowing an attacker to execute a malicious payload into legitimate addressable memory space of a legitimate process. These techniques are interesting because the malicious payload is executed by a legitimate process…
Introduction Definition of electronic voting Electronic voting is a dematerialised, self-counting voting system in which voters use electronic devices to record their votes. The system can be used remotely via internet voting, or in person where voters can visit polling…
A quick overview of phishing techniques on Azure and Office 365 Phishing attacks are well known. The objective of this type of attack is to perform actions from a victim's account or to retrieve information about the targeted person or…
In our last Assume Breach engagement, the client gave us a domain-joined computer and a VPN access telling it was the only option to access the internal domain. Other computers would be able to access to some resources using specific…
Once again, the CERT-W 2022 report confirms that the main motivation of attackers continues to be financial gain and ransomware remains the most common means of extortion. Ransomware attacks are among the most severe cyberattacks in terms of their impact on…
During protests in Philadelphia towards the end of May 2020, two police vehicles were set on fire. Photos of the event posted on Instagram and cross-referencing of aliases, visible on Etsy, Poshmark and LinkedIn, will lead[1] an FBI investigator to…
The increase in cyberattacks witnessed over the last few years can be partially attributed to the evolution and spread of automation tools, which are leveraged to perform wider attacks with fewer resources. Many steps of an attack can be automated…
Yesterday, the team YoloSw4g from Wavestone's Cybersecurity practice took part in the 2022 Defcamp CTF finals. Defcamp is one of the top cybersecurity conference in Europe and every edition is hosted in Bucharest, Romania. Wavestone had the opportunity to play…
This year again, we were delighted to be able to share our knowledge during Hacker Summer camp (cybersecurity conferences that happen roughly at the same time in Las Vegas each year: BlackHat, BSides Las Vegas, and DEFCON). (Thomas is…
