• Mar 31, 2020

    Some security thoughts about videocalls

    Recently in Norway a school had to stop using the Whereby video conference service because during a video lesson a man broke into the group video conference and ​showed himself naked. This new phenomenon is called, according to Wikipedia, "Zoombombing":… read more »
  • Mar 30, 2020

    Weekly Cybersecurity Roundup #1

    From today, i'll start to split the original "Weekly Roundup" in several small posts spread over the entire week.So, let's start with the "Weekly Cybersecurity Roundup"! Two zero days are Targeting DrayTek Broadband CPE Devices From December 4, 2019, 360Netlab… read more »
  • Mar 27, 2020

    Amethyst: an 8-bit home computer based on ATmega1284

    Amethyst is a great project by Matt Sarnoff.It's like a classic home computer: it has an integrated keyboard and can generate audio and video and has a built-in high-level programming language for users to write their own programs. It uses… read more »
  • Mar 26, 2020

    A brand-new attack hijack routers’ DNS to push malicious COVID-19 apps

    A recently discovered campaign that targets home and small-office routers is redirecting users to fake COVID-19 informational sites that attempt to install password stealing malware. A post published by security firm Bitdefender [1] said the attack is targetting Linksys routers,… read more »
  • Mar 25, 2020

    Windows Service Accounts enumeration using Powershell

    Windows Service Accounts are the elephant in the room in the corporate environment: things that nobody ever talks about or considers to be a problem. Often, these service accounts are in the Domain Admins group, with passwords like "Service123", "Password123",… read more »
  • Mar 24, 2020

    ADV200006: critical Windows RCE exploited in the wild

    Microsoft has released a security advisory about a remote code execution vulnerabilities affecting all currently supported versions of Windows and Windows Server operating systems. According to advisory [1], a remote attacker can exploit these vulnerabilities, affecting the Adobe Type Manager… read more »
  • Mar 23, 2020

    My Weekly RoundUp #132

    Also last week, the main topic was Covid-19: Let's try to recap.Ah, I forgot: STAY. AT. HOME. http://www.commitstrip.com/en/2020/03/19/stay-at-home/ Technology Google’s coronavirus information site is now live Google has just launched a site with information and resources to understand the coronavirus… read more »
  • Mar 20, 2020

    Pypykatz: a Mimikatz Python implementation

    Mimikatz is a famous post-exploitation tool written in C by Benjamin Delpy: it allows a local attacker to dump secrets from memory exploiting Windows single sign-on functionality. How Mimikatz works? Until Windows 10, Microsoft's OSs by default used a feature… read more »