Shortcomings of blacklisting in Adobe Reader and what you can do about it

A variation of a class of malicious PDFs appeared in the wild. In this blog post, we will show you how to protect your systems and how to analyze these PDFs. The PDFs embed a file type with extension .SettingContent-ms that can be used on Windows 10 to execute arbitrary code. We have observed on …

Sextortion Scam With Leaked Passwords Succeeds

Following the forum post on sextortion emails being spammed to innocent victims, we were curious to see if this scam would indeed be successful. We have observed similar scam campaigns before, but now the scammers seem to include the victim's password as well, creating a sense of legitimacy. During our analysis we observed 3 payments to the …

Extracting a Windows Zero-Day from an Adobe Reader Zero-Day PDF

In May 2018, when ESET published a blog post covering PDFs with 2 zero days, our interest was immediately piqued. Promptly after our analysis of these PDFs, we sent out an early warning to our customers. Now that Microsoft published a blog post with the detailed analysis of the zero days, we find it appropriate …

My Internship Experience at NVISO – by Etienne de Jambelinne

Hello, my name is Étienne de Jamblinne. I am a second year MA student in cyber-security at the ULB. I am the one on the left in Thibaut’s photo! As part of my program, I am required to do an internship that acquaints me with “real life” working experience. Security Awareness? Analysing my options, NVISO seemed …

One more year, on the way to… where?

A secret location.. A scavenger hunt to find it. Following the tradition, that’s how our teambuilding weekend (offsite) starts. On D-day, at 8h30 we needed to be at the office to start our hunt, and only then we could get our first official clue: a QR code. This allowed us to download an app, which contained a scavenger hunt via which we could find …

My Internship Experience at NVISO – by Thibaut Flochon

Hi! I’m Thibaut, a bachelor student in Information Technology at Hénallux. As a final-year student, I have had the opportunity to do my internship at NVISO for 4 months. Let me share this experience with you! Why NVISO? The year before my internship, I took part in the Cyber Security Challenge Belgium 2017 with some …

Write-up on Blockchain data exfiltration (CSCBE18 qualifiers) challenge

This article describes the analysis of data exfiltration using blockchain as it was used in a challenge for the CSCBE 2018 qualifiers. The Cyber Security Challenge Belgium (CSCBE) is a typical Capture-The-Flag (CTF) competition aimed at students from universities and colleges all over Belgium. All of the CSCBE’s challenges are created by security professionals from many different organisations. …