Blog

Setting up a watering hole attack with Metasploit

In recent years we have witnessed multiple organised attacks against countries and companies using malicious code that was distributed via a legitimate website. These types of attacks are called "watering hole attacks" because they target well-known, widely used websites and compromise them. You could compare this to dumping poison or other dangerous chemicals in a pond or well, where the intention is to target any and all that use that source. One of the more famous such attacks was the CCleaner watering hole attack, which used the well-known tool CCleaner to distribute its malicious code.

Simulate user activity with the GHOSTS framework: Client set-up and Timelines

In part I of our look into the GHOSTS framework, we managed to set up the GHOSTS servers on our computer and connect a simple Windows VM, running the client code, to the GHOSTS API server. The next step is to properly configure our Windows client to simulate the activity of a real user. To do that we will set up multiple programs and tools that can be run automatically and define their behaviour.

Simulate user activity with the GHOSTS framework: Introduction

When we want to test a detection algorithm we are developing, or we want to prepare a nice in-depth exercise for our students, we need to set up an ecosystem that closely resembles that of the real world. This can lead to some difficulties, as in a real network we have multiple users, each with their own computer, surfing the net, working with files, or typing commands and sending requests to the network's centralized server. Modelling this can pose a big challenge if we don't have a group of people available whom we can task with sitting behind a computer and clicking on their mouse every so often to simulate real computer behaviour. There are tools available that help automate that, but in most cases they can be quite rudimentary.

How to upload your files to Nextcloud "File Drop" using curl

Nextcloud is a great tool for self-hosting your data in the vein of Dropbox. It facilitates the exchange of information and files in a team, with the extra benefit of providing robust monitoring and protection capabilities. There are Nextcloud clients available for Windows, Linux and macOS, which are easy to install and use. With one click you can upload your files to your personal cloud and share them. But sometimes the need arises to upload files from machines that don't have a graphical user interface (for example, the Ubuntu Server distribution). Luckily, there is still a way to upload your files to Nextcloud using the command line and curl.

Publishing your Python project to the PyPI repository

Sometimes we might want to play with Python scripts that are useful for us when run locally. But at other times the script you have been playing with becomes more and more important and involved in different projects. In such cases it is an interesting option to upload the Python script to an internet repository so it can easily be accessed by you, your team members or other people who might need the same functionality your script offers.

Running GitLab Tests locally with Docker CE

The ability to run integration tests on our projects when using GitLab gives us a powerful testing tool to be sure that the code we submit to the repository will work as intended and won't break anything. GitLab runs its Continuous Integration (CI) tests using Docker containers that can be deployed on demand to test specific aspects of our project.
