GoSecure Blog
International Collaboration for Darkweb-Related Investigations
In April 2023, the most recent meeting of the United Nations Office on Drugs and Crime took place on the potential Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes. This meeting focused on international cooperation to unite countries in addressing the constant increase in cybercrimes worldwide. However, as reported in the press, it is arduous to obtain the unanimous agreement of the member countries on subjects as legally and culturally complex as personal data transfer, judicial extradition, joint police investigations, access to cross-border data and special investigation techniques.
Password Managers are the panacea? Maybe not, but better than nothing
In January, we published a blog explaining why it is important to have strong passwords and provided advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. Our last blog explained why password managers might not be as popular as the InfoSec community wishes. In this blog we will refute some of the arguments made, accept the limitations of password managers’ adoption, and propose strategies to address that.
Password Managers are the panacea? Not!
In January, we published a blog explaining why it is important to have strong passwords, and provided some advice to increase their robustness. Little did we know that this blog’s writing would create a commotion among the research team as different opinions on password managers emerged. The next two blog posts will cover password managers. The first one aims to explain why they might not be as popular as the InfoSec community wishes, while the second one attempts to nuance that by arguing that anything is better than the status quo.
How Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft
With our RDP interception tool, we managed to collect a great deal of information (screen, keyboard, mouse, metadata) about opportunistic attackers, and have it on video. An engineer and a crime data scientist partnered to deliver an epic story, presented for the first time at BlackHat USA under the title “I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers’ Tradecraft”. It covers luring, understanding and characterizing attackers, allowing us to collectively focus our attention on more sophisticated threats.
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.