Where are all the machines affected by BlueKeep hiding?
· β˜• 1 min read
We've all read about the hundereds of thousands of machines affected by BlueKeep connected to the internet, but where are they hiding? With the help of Shodan, we can try to figure it out...

Half-open redirect vulnerability in Youtube
· β˜• 3 min read
If you open any Youtube video, which has in its description a link to an external URL, you may notice that the link points to a Youtube redirection mechanism (https://www.youtube.com/redirect?...), with the target URL being passed to it as a parameter, rather than to the target URL itself...

Analysis of an encrypted malicious DOC file and an (un)interesting phishing
· β˜• 6 min read
Couple of days ago, I found a pretty usual-looking phishing e-mail in one of the quarantine folders of my inbox. It was addressed to me and to 19 other security specialists and incident response teams and contained a text (in German - see bellow), informing us that the author saw a job offer to which she was responding with an application document attached to the e-mail. The attachment appeared to be an encrypted DOC file and the password (“123123”) was mentioned in the body of the message.

How big of a problem is the 'open redirect' in Babel?
· β˜• 4 min read
During a recent research into prevalence of open redirection vulnerabilities within the ccTLD .CZ we've done with my colleagues from ALEF CSIRT, I’ve noticed that many of the vulnerable sites seemed to be using CMS Made Simple with Babel multi-language module. This seemed to warrant a closer investigation...

Open Redirection Vulnerability in Babel
· β˜• 2 min read
In this post you may find description of a vulnerability I found in Babel - a CMSMS module - when searching for sites affected by Open Redirection vulnerabilities...

It's 2019 and WannaCry is still not dead
· β˜• 4 min read
Unless you live completely cut off from the rest of human civilization, chances are good you’ve heard about the WannaCry ransomware. However, so we’re all on the same page, I’ll go over the salient points of its history before discussing why it is still a threat. WannaCry - the first successful crypto-ransomware worm - started to spread on May 12th 2017 using the EternalBlue exploit and DoublePulsar backdoor implant (both courtesy of the Shadow Brokers and - by proxy - Equation Group/NSA) and supposedly hit more than 100 countries within the first 24 hours.

Miscelaneous tools and links
· β˜• 1 min read
I’ve added a new page to the site with links to miscelaneous tools and materials useful for Incident Response, Malware Analysis, Penetration Testing, etc. It may be accessed here or through the easily remembered URL http://csirt.xyz.

It's alive (again) !
· β˜• 1 min read
Untrusted Network is back! I've managed to salvage most of the posts from old version of the site so you may find links to those on the main page. So far that's the only content but you may look forward to new posts in 2019!

ALEF Hacker Challenge
· β˜• 1 min read
ALEF NULA (in the interest of full disclosure, I’d like to mention that I am currently employed by AN) launched a new competition called ALEF Hacker Challenge last week. The intended aim is to compromise a specific system and gather data from it. Although not unique, it is an interesting competition and not only because the main price is 12 000 CZK.