Our Blog

Investigating an in-the-wild campaign using RCE in CraftCMS

Reading time: ~35 min
Posted by Nicolas Bourras on 18 April 2025
Categories: Analysis, Craft cms, Incident response, Ioc, Malware, Php, Post-exploitation, Threat hunting, Yii, Iocs, Post exploitation
Introduction In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The...

Waiting for goDoH

Reading time: ~12 min
Posted by Leon Jacobs on 24 October 2018
Categories: Bypass, Command execution, Dns, Experiment, Ioc, Malware, Research, Tools, Tunnelling
or DNS exfiltration over DNS over HTTPS (DoH) with godoh “Exfiltration Over Alternate Protocol” techniques such as using the Domain...