23 October 2018

If there is one thing that all cybersecurity professionals agree on, it is that statistics on cybersecurity and cybercrime are misleading and unreliable. Fortunately, today, we enter a new era: Statistics Canada has just released the results of the first Canadian Survey of Cybersecurity and Cybercrime (CSoCC). The survey includes 12,597 Canadian businesses with 10 or more employees and attempts to provide a picture of the Canadian threat environment for the year 2017. We provide a summary of the main statistics in this blog, along with relevant links for anyone wishing to learn more about the survey's results.

04 October 2018

This study maps the different actors involved in the supply chain behind the market for fake "likes": from botnets to reseller panels and customer-facing sellers. The findings are part of a two-year-long investigation that attempts to understand a botnet’s operations in its economic context: the industry of social media fraud. They will be presented at the Virus Bulletin conference, taking place in Montreal on October 3rd and 5th, 2018.

 

06 September 2018

Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. However, the process of using Find Security Bugs can be a little bit tedious for unseasoned Java users. The process of analyzing compiled code and triaging the findings also needed improvement. Here is the solution that was built to find vulnerabilities at scale.

10 July 2018

This post will detail the password filter implant project we developed recently. Our password filter is used to exfiltrate Active Directory credentials through DNS. This text will discuss the technicalities of the project as well as my personal experience developing it.