23 October 2018

If there is one thing that all cybersecurity professionals agree on is how statistics on cybersecurity and cybercrime are misleading and unreliable. Fortunately, today, we enter a new era:  Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC). The survey includes 12,597 Canadian businesses with 10 or more employees and attempts at providing a picture of the Canadian threat environment for the year 2017. We provide a summary of the main statistics in this blog, along with relevant links for anyone wishing to learn more about the survey's results.

April 27, 2016

In this article, we will be looking at a new exploitation technique using the default OPcache engine from PHP 7.  Using this attack vector, we can bypass certain hardening techniques that disallow the file write access in the web directory. This could be used by an attacker to execute his own malicious code in a hardened environment.

April 21, 2016

As a penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so.  Lansweeper is an inventory software that scans your network in order to gather system information such as patch level, network interfaces, resources status, etc.   We were fairly surprised during this test when we were able to access Lansweeper 5's dashboard with a regular user account. 

April 05, 2016

AtlSecCon is almost there! Philippe and I are pretty excited to be speaking there this year!