Here is a retrospective of the major trends observed by Intrinsec’s Cyber Threat Intelligence team regarding the month of January 2023. This threat landscape analysis will particularly concentrate on two elements: the most active ransomware operators, detailing...
Vice Society is a financially motivated organization encompassing operators and opportunistic intrusion sets known for intrusion, exfiltration and extortion against a large sample of victims since June 2021. The operator(s) of these alleged intrusion sets offer(s) an...
Context: By the end of 2022, CERT Intrinsec dealt with the newly discovered bypass of ProxyNotShell named OWASSRF. This article details the modus operandi of a threat actor that exploited this vulnerability. On day one, the attackers leveraged vulnerable Exchange...
Context: During 2022, a company discovered that one of its devices was communicating with a known command and control server. As a result, the company decided to contact CERT Intrinsec in order to get help to handle the security breach and manage the crisis. CERT...
This article shares a method and tool developed by Intrinsec to reconstruct the attack path using Microsoft Protection logs. Enjoy reading and hunting! During incident response, CERT Intrinsec performs investigations to find indicators of compromise and...
As part of the LeHack 2022 cybersecurity event, Intrinsec offered a set of challenges to entertain and test the event's visitors. This CTF, designed by our consultant Thibaud ROBIN, consists of 12 challenges. It is set in a realistic context...
Every year, the ESGI school organizes the Security Day, a day during which students in the Computer Security track and security professionals can attend talks given by IT consultants. This Tuesday...
Introduction: For the past couple of years, ransomware attacks have been one of organizations’ biggest threats. Indeed, those attacks can dramatically disrupt operations by stopping production, order intake or order shipments for days. Starting from isolated and capable...