19 December 2018

In this post, we describe the new RDP man-in-the-middle and library project we developed and open sourced. Our MITM features a file stealer, a clipboard stealer and the ability to watch RDP sessions either live or after the fact. It is used as part of our RDP honeypot. In this post, we also describe an incident with a malicious user that infected our honeypot.

April 03, 2018

We discovered a new Web attack vector abusing the Edge Side Overview of the potentially affected productsInclude (ESI) features common in caching services and product. We will explain the conditions required for exploitation along with 3 example payloads: Cookie exfiltration, SSRF and bypassing client-side XSS filtering.

March 07, 2018

GoSecure and IDC LogosA few months ago, the International Data Corporation (IDC) conducted a Technology Spotlight and Customer Spotlight about our company. The two reports reaffirm our position as a high-quality provider of managed security services, one that follows a flexible and customer-centric approach. We provide a summary of the two reports below.

 

February 14, 2018

A shattered terminal screen with ./chaos written on itWe found a backdoor that uses network sniffing to provide a reverse shell. Additionally, it fully encrypts and integrity checks it network traffic with session keys. It was first presented at GoSec 2017 in Montreal and was found using a new honeypot SSH tool.

This backdoor was first used in 2012 as part of the 'sebd' rootkit but seems to have been reactivated within the scope of a rising botnet.