A 30-minute sweep of Industrial Control Systems in Belgium

TLDR; We found several ICS systems in Belgium that were exposed to the internet without requiring any authentication. Screenshots below. Update 19/12: We've also had some coverage in the media about this research. 'De Standaard' did an article about it and so did 'Datanews' (in Dutch and in French). Industrial Control Systems (ICS) is the … Continue reading A 30-minute sweep of Industrial Control Systems in Belgium

Analyzing an Office Maldoc with a VBA Emulator

Today we wereĀ informed of another maldoc sample. After a quick look, we wereĀ convinced that this sample would be a good candidate for Philippe Lagadec's VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for … Continue reading Analyzing an Office Maldoc with a VBA Emulator