Endpoint and Network Detection and Mitigation

DETECT AND PREVENT THE MOST THREATS

MITIGATE FAST AND EFFECTIVELY

The CounterTack platform combines a comprehensive stack of endpoint and network detection technologies that align with the technology stack used in today's advanced attacks.

Our MDR service suite delivers the knowledge and skillset to proactively manage security risks and deliver successful and expedient threat mitigation.

Integrated NextGen AV, EDR and Insider

The CounterTack platform delivers the deepest threat detection technology stack available today. It detects threats on-disk and in the OS. It is the only EPP solution that detects threats in live physical memory. All in a single sensor.

Continuously monitor for suspicious behavior

Detect malware, ransomware and fileless attacks in real-time

Reduce the number of agents on your endpoints

Track threats deep in the network

The platform extends its threat detection technology stack into the network. It monitors network traffic with full packet capture, intrusion detection, log capture and sandbox. Combined with endpoint detection, the platform detects the most threats with the highest accuracy.

Continuously monitor for suspicious behavior

Eliminate blind spots between the endpoint and the network

Detect more threats than endpoint detection alone

Detect stealthy attacks in memory.

CounterTack is the only solution that detects suspicious behavior in memory.  Our patented Digital DNA detects, predicts and alerts on obfuscated malware and zero-day attacks as they are loaded into live physical memory.

Detect threats that circumvent other endpoint solutions

Predict malicious intentions

Enable proactive mitigation

Predict, Convict and Mitigate

Real-time alerts and dashboards enable fast and efficient forensics. Predictive technologies combined with Machine Learning convict suspicious behaviors with no false positives. Correlation of endpoint and network data sources traces attacks to their root causes.

Streamline threat investigation and mitigation

Proactively terminate fast moving attacks

Mitigate right the first time

Automatically Mitigate Threats

Kill, Quarantine and Inoculate actions contain and terminate threats before they can execute.  Deny, Delay and Degrade actions slow down and impede attacks through advanced manipulative techniques prior to processing by the Operating System.

Contain and terminate threats immediately and automatically

Slow down attacks for better mitigation decisions

Free up time to investigate higher priority threats

Cloud delivered scalability, reliability and performance

CounterTack consists of a single endpoint sensor and network appliance. The platform is powered by SAP HANA, which delivers the highest scalability, reliability and performance available today. CounterTack is cloud delivered and also available on-premise.

Cloud delivered in a single, affordable subscription

Simplified deployment for fast Time-to-Value

Low Total Cost of Ownership

Mitigation Ownership with Aggressive SLAs

Our Threat Hunting team combines predictive threat data from the CounterTack platform with contextual understanding of your business and users, to isolate and proactively mitigate the most advanced threats. We will own mitigation, backed by 10-minute threat determination-to-mitigation SLAs.

Continuously protect your business operations

Mitigate threats faster and more effectively

Augment your SOC with world class threat hunters

Eliminate 80% of endpoint vulnerabilities

IT Hygiene automates patch management across multiple operating systems, applications and browsers. It applies advanced technologies and a governance framework to eliminate the biggest source of vulnerabilities: poor patching and unknown applications.

Patch management for over 7,000 applications

Reduce risk and ensure compliance

Reduce the cost of do-it-yourself patch management

Assess and improve your cybersecurity posture

Cyber Security Assessment identifies security gaps and delivers an actionable roadmap to improve your overall posture. Our Security Compromise Assessment delivers 60 days of our MDR service. It identifies the hidden malware and advanced hackers that are circumventing your security infrastructure.

Identify vulnerabilities and improve your security posture

Detect and mitigate pre-existing threats and attacks

Improve resiliency against future attacks

Consolidate security management

Our Managed Services cover all aspects of cybersecurity: perimeter, application and endpoint defense, and more. Managed Services are delivered by our SOC, staffed by over 40 security analysts, delivering 24 x 7 x 365 coverage.

Improve utilization of security resources

Increase ROI on security investments

Reduce security operation costs

Actionable intelligence to disrupt attacks

The R&D team combines in-house investigation with 3rd party threat intelligence to deliver actionable intelligence and tools. They provide visibility into new and advanced TTPs, ensuring the continued effectiveness of our platform and services.

Single source of threat intelligence

Intelligence in context with your environment and business

Stay one step ahead of cybercriminals

World-wide banking losses exceed $1 Trillion

Banks continue to be a prime target for cybercriminals.  A $Trillion US bank and leading Core Banking Software vendor protect their depositor assets and banking operations with GoSecure powered by CounterTack.

Secure depositor assets

Ensure uninterrupted banking operations

Protect corporate brand

229 data breaches impacting 6.1M victims

WannaCry and SamSam attacks denied access to EHR systems.  Locked out from patient data, physicians could not provide proper care.  Many hospitals had to turn patients away. GoSecure powered by CounterTack endpoint and network detection and mitigation ensures uninterrupted patient care.

Protect PHI

Ensure continued EHR availability

Protect hospital brand

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly released open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Summary of Statistics Canada's Survey on Cybersecurity and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cybersecurity professionals agree on, it is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era: Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC).

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated the problem from an industry perspective, with questions such as:

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of an RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cybersecurity and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cybersecurity professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cybersecurity and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cybersecurity professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cybersecurity and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cybersecurity professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

A Password Hidden Among Other Binary Data

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it. It is available under an open source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, besides renowned academic researchers. 

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Water violently leaking from a large pipe

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled, "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly release open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user that compromised our honeypot.

Read More

Summary of Statistics Canada's Survey on Cybersecurity and Cybercrime

By Masarah Paquet-Clouston

If there is one thing that all cybersecurity professionals agree on is how data and statistics on cybersecurity and cybercrime are misleading and unreliable. This is unsurprising considering that most statistics created, until now, came from the cybersecurity industry itself. By being economically motivated at selling security products, this industry has an unequivocal bias. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC).

Read More

front

The Supply Chain behind the Market for Fake "Likes"

By Masarah Paquet-Clouston

In the past years, there has been increasing awareness by the public and policy makers on the potential harm that social network manipulation can produce. Yet, most researchers have looked at the front end of the problem: developing algorithms to flag fake accounts on social networks and suspend them. No studies have investigated  the problem from an industry perspective, with questions such as:

Read More

Large Scale Vulnerability Scanning with Jenkins

By Benoit Côté-Jodoin

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of using Find Security Bugs can be a little bit tedious to unseasoned Java users. Also, the process of analyzing compiled code and triaging the findings needed improvements. Here is the solution that was built to find vulnerabilities at scale.

Read More

Throwing it out the Windows: Exfiltrating Active Directory credentials through DNS

By Leanne Dutil

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technical details of the project as well as my personal experience developing it. It is available under an open-source license on GitHub.

Read More

Upcoming WEIS presentation: Ransomware Payment in the Bitcoin Ecosystem

By Masarah Paquet-Clouston

In the past year, we developed a data-driven method for identifying, quantifying, and comparing ransom payments in the Bitcoin ecosystem from 35 ransomware families. The study was conducted in partnership with Bernhard Haslhofer from the Austrian Institute of Technology (AIT) and Benoît Dupont from the Université de Montréal (UdeM). It resulted in a paper that will be presented at the 17th Annual Workshop on the Economics of Information Security (WEIS2018) in Innsbruck, Austria, alongside renowned academic researchers.

Read More

GoSecure Merges with CounterTack

By GoSecure

Today, GoSecure, Inc., a cybersecurity Managed Security Service & Managed Detection and Response provider, announced a merger with CounterTack, the leading provider of Predictive Endpoint Detection, Response and Prevention for the enterprise.

Read More

Beware of the Magic SpEL(L) - Part 2 (CVE-2018-1260)

By Philippe Arteau

On Tuesday, we released the details of an RCE vulnerability affecting Spring Data (CVE-2018-1273). We are now repeating the same exercise for a similar RCE vulnerability in Spring Security OAuth2 (CVE-2018-1260). We are going to present the attack vector, its discovery method and the conditions required for exploitation. This vulnerability also has similarities with another vulnerability disclosed in 2016. The resemblance will be discussed in the section where we review the fix.

Read More

Beware of the Magic SpEL(L) - Part 1 (CVE-2018-1273)

By Philippe Arteau

Read More

Abusing Unsafe Defaults in Active Directory Domain Services: A Real-World Case Study

By Louis Dion-Marcil

This past July, Kevin Robertson from NetSPI released a blog post entitled "Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS," which introduced a new technique (to us at least) targeting weak default access control in Active Directory Domain Services. At GoSecure, since most of our engagements require some level of Active Directory security assessment, we followed our interest and decided to find a way to reliably exploit it.

Read More

RDP Man-in-the-Middle - Smile! You're on Camera

By Émilio Gonzalez

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly released open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user who compromised our honeypot.

Read More