Zero Trust (ZT) focuses on the idea that one should always assume the environment has been compromised. The guiding principle of Zero Trust is to handle all resources, without trust, on both granular and global levels. In doing so, one is required to embrace a total buy-in of risk-based decisions in-lieu of assuming any resource is trustworthy despite following best practices or historically accepted security guidance. The traditional workflow of deploy, monitor, assess, wash-rinse-repeat has morphed into the next generation best practice of trust nothing and assume everything is potentially malicious. When digesting this ZT perspective, one could easily look at an environment and see an unending expanse of circular dependencies, of which none can be trusted. With the depth and breadth of different Zero Trust guidance, establishing a baseline for a ZT program becomes non-trivial.

Read More

The digital era has ushered in unparalleled technological advancements and global connectivity. As our reliance on digital infrastructure grows, so does the sophistication and frequency of cyber threats. Organizations of all sizes grapple with escalating risks of data breaches, ransomware attacks, network intrusions, and various forms of cyber espionage.

Traditional approaches to cybersecurity, such as rule-based systems and signature-based detection, have proven to be inadequate against the ever-evolving and highly dynamic nature of cyber threats. As cyber attackers employ increasingly sophisticated techniques and exploit complex network topologies, the need for innovative and adaptive cybersecurity solutions becomes imperative.

Read More

Question: Can source code stored in an online service be ransomed away from the owner?

I want to share a recent story that I hope will help some of you. For more than 25 years, I have practiced cyber defense with the belief that if we understand how offensive cyber-attacks work and how attackers think, we can help defend others from them. Recently the question stated above was posed to me in technical conversation. After thinking about this carefully, for my answer I said the following to quote 'The Simpsons' cartoon: "Short answer, 'yes with an if'. Long answer, 'no with a but'".

Read More

CyberPoint NORDIC lead Alex Levesque discovered a vulnerability in Avaya Aura Application Enablement Services servers. Following CyberPoint's responsible disclosure policy, we provided a writeup of the discovery to Avaya's Product Security Team, who released an Avaya Security Advisory, assigned CVE-2022-2975, and published a patch to the software. The vulnerability allows for privilege escalation and execution of arbitrary code as the root user. CyberPoint will release a full writeup of the discovery 30 days after patch release. To anyone with Avaya systems, please update at your earliest convenience!

Read More

As you may be aware there was a major leak from Conti ransomware/crimeware group. A group I hang out with got the leak. A portion of it was translated with machine learning. The translation was poor so I added a column and manually translated key parts that were incorrect.

Read More

A Sylph (also known as Sylphid) is an air spirit. They are formed of air, they live in the air, and they have unusual power over the air, particularly the wind and the clouds. Usually, Sylphs are portrayed as guardians who protect secret knowledge, beautiful women, or the environment, but it's not out of the question for a Sylph to cause mischief among men.

CyberPoint is no stranger to malware and malware analysis. Our work has us detecting malware, analyzing malware, and occasionally writing malware.

Read More

The advent of quantum computing (QC), if it happens, will break nearly every practical application of cryptography in use today, making e-commerce and many other digital applications insecure.

Symmetric algorithms used for encryption, like AES, are still thought to be safe (with sufficient key length – e.g. AES-256 or larger); however, current asymmetric algorithms like RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) will be rendered essentially useless once quantum computers reach a certain scale.

Read More

Ask a computer scientist the worst-case complexity of the Ford-Fulkerson algorithm¹ with integral edge capacities, and you'll likely get the answer of O(E*|f|), where E is the number of edges in the graph, and |f| is the capacity of the maximum flow, f, that the algorithm seeks to find. Indeed, that would have been my answer, as well. Until I tried to exploit that worst-case behavior.

Read More

OTAs (Other Transaction Agreements) are appropriate when you want prototypes (demos, validation, feasibility) of innovative capabilities directly relevant to weapons or weapons systems, and directly related to mission effectiveness (of personnel and supporting platforms, or by improvement of platforms/systems/components thereof).

Read More

In my previous blog post, I discussed our endeavor to benefit from unsupervised learning on CyberPoint's malware dataset. One of the more intriguing tools I played with during that effort was the normalized compression distance (NCD).

Read More

As a follow-up to our talk at Ruxcon, "Make ETW Great Again", we wanted to go into a bit more depth than we could cover in our hour long talk. While our talk consisted of multiple examples of ETW usage, detecting ransomware, USB Keylogging, and sniffing SSL encrypted data from WinINet…

Read More

Software-defined networking, commonly referred to as SDN, has received a lot of press recently regarding both the technology itself and the impact that it will have in the networking world. At CyberPoint, being a cybersecurity company, we got curious and decided to take a look at the impact that SDN could have on security.

Read More