Our Blog

Investigating an in-the-wild campaign using RCE in CraftCMS

Reading time: ~35 min
Posted by Nicolas Bourras on 18 April 2025
Categories: Analysis, Craft cms, Incident response, Ioc, Malware, Php, Post-exploitation, Threat hunting, Yii, Iocs, Post exploitation
Introduction In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The...

Masquerading Windows processes like a DoubleAgent.

Reading time: ~18 min
Posted by Philippe Vogler on 23 April 2020
Categories: Anti-virus, Malware, Persistence, Post-exploitation, Sysmon, Windows
I’ve been spending some time building new content for our Introduction to Red Teaming course, which has been great for...

Waiting for goDoH

Reading time: ~12 min
Posted by Leon Jacobs on 24 October 2018
Categories: Bypass, Command execution, Dns, Experiment, Ioc, Malware, Research, Tools, Tunnelling
or DNS exfiltration over DNS over HTTPS (DoH) with godoh “Exfiltration Over Alternate Protocol” techniques such as using the Domain...

Understanding Locky

Reading time: ~10 min
Posted by vlad on 19 February 2016
Categories: Research, Malware, Ransomware
A few days ago I was asked to have a look at the newly emerged crypto-ransomware threat “Locky” which utilises Dridex-like Command and Control...