
Our employees regularly engage in research projects to live up to our high standards. They analyze the latest topics, methods and tools in interesting areas of information security and present them in this context. The results of this work feed into projects, conference talks, market overviews and articles for trade journals, as well as into advisories and zero-day vulnerabilities.

All blog articles

Blog

Inside the NAC Pi

July 5, 2024 – The NAC Pi is our all-in-one man-in-the-middle device, which allows us to bypass network access control solutions, including 802.1x. We use it as an effective measure in our Red-Teaming assessments to eavesdrop on and manipulate our customers’ supposedly protected network traffic. With this blog article we would like to go into the theory behind it and take you on the journey of how our device was created.

Author: Leon Schmidt

Learn more »
Blog

Loader Dev. 5 – Loading our payload

May 10, 2024 – In this post, we will finally cover loading our actual payload. As discussed at the beginning of this series, our loader should be able to load shellcode and C# assemblies as well as PEs. The actual mode will be chosen using an argument to the python script used for compilation.

Author: Kolja Grassmann

Learn more »
Blog

Loader Dev. 4 – AMSI and ETW

April 30, 2024 – In the last post, we discussed how we can get rid of any hooks placed into our process by an EDR solution. However, there are also other mechanisms provided by Windows, which could help to detect our payload. Two of these are ETW and AMSI.

Author: Kolja Grassmann

Learn more »
Blog

Loader Dev. 1 – Basics

February 10, 2024 – This is the first post in a series of posts that will cover the development of a loader for evading AV and EDR solutions.

Author: Kolja Grassmann

Learn more »
AD Security

Microsoft Tiering Model – Part 3/3

January 10, 2024 – This is the third part of a three-part blog post series that looks at different design decisions, considerations and options an organization should bear in mind when planning, implementing and maintaining a tiering model in order to administrate the IT infrastructure securely. It describes the various options for implementation, explains trade-offs that must be made and their residual risks, and outlines the technical measures that need to be taken.


Author: Hagen Molzer

Learn more »


Advisories

Vulnerabilities

cirosec follows this responsible disclosure policy when dealing with zero-day vulnerabilities found during research or customer projects. The goal is to balance the vendor's or open-source project's need for enough time to develop and distribute a fix with the public's need to know about the security vulnerability. The policy is in accordance with industry-standard responsible disclosure practices. Our Responsible Disclosure Policy can be found here.
