Risk dreams?

"One day risk managers will be able to focus more on strategic decisions, but also on matters to which great financial value is attached. Routine work will be automated further and further, with fewer and fewer exceptions requiring attention."

February 22, 2018 | Article, Dutch

The cost of business vs the cost of crime…

If you live in The Netherlands you probably noticed that a series of DDoS attacks caused quite some uproar in our little corner of the world. One of the questions I get asked regularly is why we still cannot deal with these types of attacks.

We are at an unfair disadvantage, or more accurately phrased, the criminals have an unfair advantage. The costs, in terms of money, time, lost functionality, etc., of preventing a crime or attack are often higher than those the criminal or attacker needs to incur to actually commit his deed.

February 15, 2018 | Article, English, Dutch

Gain more insight and create doomsday scenarios for better threat modeling

In previous blogs you could already read about what threat modeling is, and about the 4 steps. In practice, however, threat modeling is more than just a technical analysis of your application. The threat landscape is constantly evolving, and so is your organisation. Therefore, you need to understand the technical and business context, and create doomsday scenarios.

As a result, you have a broader insight into the threats to your application.

February 8, 2018 | Article, English, Dutch

Password database of MediaMarkt leaks again

On January 2, 2018 I visited MediaMarkt in Leidsche Rein The Wall. MediaMarkt is a well-known electronics shop franchise in The Netherlands with 45 stores. I was in need of a new phone as my current one was now over two years old and my subscription ended. They had the Samsung Note I was looking for, so I came there to get it.

The sales guy from the telecom department happily greeted me and started a conversation. He wanted to check out my phone subscription to see if he could get a nice discount for me. Sure!

February 1, 2018 | Article, English, Dutch

Public password dumps in ELK

Passwords, passwords, passwords: end users and defenders hate them, attackers love them. Despite the recent focus on stronger authentication forms by defenders, passwords are still the predominant way to get access to systems. And due to the habit of end users reusing passwords, and the multitude of public leaks in the last few years, they serve as an important attack vector in the red teamer's arsenal. Find accounts of target X in the many publicly available dumps, try these passwords or logical iterations of them (Summer2014! might very well be Winter2018! at a later moment) on a webmail or other externally accessible portals, and you may have got initial access to your target's systems. Can't find any accounts of your target in the dump? No worries, your intel and recon may give you private email addresses that very well may be sharing the password with the target's counterparts.

February 1, 2018 | Article, English, Dutch