ALEF Security Report 2019
· β˜• 1 min read
Couple of months back, my colleagues and I created a report covering current cyber security situation in the Czech Republic. If you’d like to know, what security services were most in demand during the last couple of years, how large is the percentage of Czech organizations, which conduct phishing tests of their employees, or how STARTTLS adoption is progressing in Czech Republic, you may download it here.

SANS ISC Diary - Tricky LNK points to TrickBot
· β˜• 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at analyzing a malicious LNK file which leads us to a sample of Trickbot.

SANS ISC Diary - Open Redirect: A Small But Very Common Vulnerability
· β˜• 1 min read
A Guest Diary of mine was published today on the SANS Internet Storm Center. In this one, I discuss open redirect vulnerabilities and how to find them. If you’ve never heard of open redirects, this might be a useful introductory text.

Where are all the machines affected by BlueKeep hiding - part 2
· β˜• 4 min read
Last week, we took a look at Shodan results to try to determine which countries are the “richest” in the world when it comes to machines vulnerable to BlueKeep visible from the internet. Since the number of vulnerable machines Shodan detects grows every day (see the following chart), I thought it might be interesting to have another look at the numbers. But in a way which is a little different.

Where are all the machines affected by BlueKeep hiding?
· β˜• 1 min read
We've all read about the hundereds of thousands of machines affected by BlueKeep connected to the internet, but where are they hiding? With the help of Shodan, we can try to figure it out...

Half-open redirect vulnerability in Youtube
· β˜• 3 min read
If you open any Youtube video, which has in its description a link to an external URL, you may notice that the link points to a Youtube redirection mechanism (https://www.youtube.com/redirect?...), with the target URL being passed to it as a parameter, rather than to the target URL itself...

Analysis of an encrypted malicious DOC file and an (un)interesting phishing
· β˜• 6 min read
Couple of days ago, I found a pretty usual-looking phishing e-mail in one of the quarantine folders of my inbox. It was addressed to me and to 19 other security specialists and incident response teams and contained a text (in German - see bellow), informing us that the author saw a job offer to which she was responding with an application document attached to the e-mail. The attachment appeared to be an encrypted DOC file and the password (“123123”) was mentioned in the body of the message.

How big of a problem is the 'open redirect' in Babel?
· β˜• 4 min read
During a recent research into prevalence of open redirection vulnerabilities within the ccTLD .CZ we've done with my colleagues from ALEF CSIRT, I’ve noticed that many of the vulnerable sites seemed to be using CMS Made Simple with Babel multi-language module. This seemed to warrant a closer investigation...