Detecting and Analyzing Microsoft Office Online Video

A while ago, a new technique was developed to execute arbitrary code via a Word document: an online video is embedded and the HTML code for the embedded video is modified with JavaScript that launches a Windows executable. This technique does not rely on VBA macros and requires the use of the .docx format (for … Continue reading Detecting and Analyzing Microsoft Office Online Video

Optimizing Elasticsearch for security log collection – part 1: reducing the number of shards

Nowadays, logs collection for security monitoring is about indexing, searching and datalakes; this is why at NVISO we use Elasticsearch for our threat hunting activities. Collecting, aggregating and searching data at a very high speed is challenging in big environment, especially when the flow is bigger than expected. At NVISO, we are constantly seeking for … Continue reading Optimizing Elasticsearch for security log collection – part 1: reducing the number of shards

Azure Security Logging – part 2: security-logging capabilities of Azure resources

In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, what logging options are available and what relevant data is generated. Log sources in Azure At the moment … Continue reading Azure Security Logging – part 2: security-logging capabilities of Azure resources

Azure Security Logging – part I: defining your logging strategy

In this first blog post in a series about Azure Security Logging, we will give a general overview of the types of logs available for Azure services including their storage options. We will also discuss how to define a security logging strategy in Azure. In the upcoming blog posts, we will go into detail about … Continue reading Azure Security Logging – part I: defining your logging strategy

Circumventing SSL Pinning in obfuscated apps with OkHttp

TL;DR - There are many Android SSL pinning bypass scripts available for Frida. However, those don't always work on obfuscated applications. If the application uses OkHttp, there's an easy way to find a convenient place to bypass the pinning by grepping for the right SMALI string. The target For this blogpost, I've created a little … Continue reading Circumventing SSL Pinning in obfuscated apps with OkHttp

Enabling Verified boot on Raspberry Pi 3

TL;DR: Verified boot is a fundamental security technology and it is important to be able to experiment with it on easily accessible hardware. However, creating a Verified boot demo on a Raspberry Pi 3 is harder than it sounds. We set out to find resources on the internet. Unfortunately, some of these were outdated, others … Continue reading Enabling Verified boot on Raspberry Pi 3