Unnamed Presentation 2020-10-09

Published: 2020-10-09

In 2020, Benjamin Mossé delivered a presentation to a government group. Attached are some of the slides that have been appropriately edited to showcase the general crux of the content we believe to be of benefit to the broader community.

Download the document >

Advisory 2020-001 - Understanding the Zoom vulnerabilities

Published: 2020-04-07

Mossé Security’s CSIRT has analysed the security vulnerabilities reported in Zoom between March 31st and April 7th, 2020. We are now sharing our professional opinion regarding the risk of “Zoom Bombing” attacks and discussing the weak encryption practices employed by Zoom.

Continue >

Advisory 2019-004 - Business Documents and PII Data Uploaded to Virus Total

Published: 2019-07-16

Mossé Security has been observing that some security solutions automatically upload emails to Virus Total that contain sensitive information (including attachments), without the knowledge or consent of the organisation.

Continue >

Advisory 2019-003 - All Organisations Are Urgently Advised to Immediately Turn on Mailbox Auditing

Published: 2019-07-10

Mossé Security’s Advanced CSIRT Team have been urgently called to respond to an alarming number of email account compromises that have allowed threat actors such as CRIME CHARLIE and CRIME OSCAR to steal money from regional organisations. Vast collateral damages are doubtlessly ensuing to these companies’ reputations wit...

Continue >

CRIME OSCAR is a cyber adversary that has stolen millions of dollars from Australian Organisations

Published: 2019-07-03

Mossé Security’s CSIRT Team responded to several intrusions from a financially motivated threat actor we refer to as CRIME OSCAR. The motivations of CRIME OSCAR are financial ones, as their goal is to compromise the mailbox of a member of the finance/procurement department and intercept payment invoices. Our CSIRT Team h...

Continue >

Advisory 2019-002 - Portable Applications Used To Compromise Enterprise Networks

Published: 2019-07-02

Mossé Security CSIRT has recently successfully responded to several breaches into corporate networks where the initial point of entry was a malicious portable application that provided reverse-shell capabilities to the adversaries. Using Portable Applications as an indirect way to breach into computer networks is another...

Continue >

CRIME CHARLIE - A Sophisticated Group of Social Engineers

Published: 2019-06-25

CRIME CHARLIE is one of the more sophisticated groups of social engineers Mossé Security have responded to in Australia. Their techniques and tactics have worked against high-level personnel who have access to multiple areas of the business through their accounts and have interactions with valuable external clients.

Continue >

Advisory 2019-001 - Cyber Adversaries Target Australians Organisation Using Signed Malware

Published: 2019-06-13

Mossé Security CSIRT observes signed malware used against Australian organisations daily. Enterprise security products and security analysts are advised not to automatically trust a file because it is signed. Digital certificates can be legitimately purchased for less than $100.00 USD. These certificates are either stole...

Continue >

Australian Threat Intelligence Annual Report 2016-2017

Published: 2017-09-26

Between January 2016 and July 2017, Mossé Security delivered 53 threat hunting exercises and responded to 67 separate security breaches. We observed 42 Australian firms attempting to deal with cyberattacks and saw firsthand how textbook approaches to information security failed to deter and dissuade attackers. With this ...

Continue >

Cyber Security For Medical Colleges

Published: 2017-08-15

What do medical colleges need to do to prepare themselves for cyber attacks? In this presentation, we explore how a modern cyber security programme looks like and offer strategies and tactics to help IT managers to improve the defences of their organisations.

Download the document >

Social Engineering Attacks Against CFOs

Published: 2017-07-23

Business executives of small and medium sized firms all over Australia are being targeted by sophisticated social engineers that attempt to defraud them with fake invoices. In this report, we present an advanced attacker group that successfully defrauded numerous small businesses in Melbourne, Sydney and Brisbane in Aust...

Continue >

An Introduction to the Offensive Countermeasures

Published: 2017-06-01

This whitepaper introduces the Offensive Countermeasures. The Offensive Countermeasures is a security strategy that creates consequences for the attackers who hack our computers. We hold the tenet that if resources are not spent on tracking and disrupting the attackers, then we are, by omission, allowing them to try new ...

Continue >

The 15 Cyber Security Leadership Questions

Published: 2016-11-03

The top 15 questions that business executives and IT directors should be asking their teams every quarter to manage their cyber risks.

Download the document >

Attacking Managed Security Services Providers and Delivering Incident Response in the Cloud

Published: 2016-07-28

In this presentation, we share lessons learnt delivering incident response services in the cloud and conducting red team exercises against managed security services providers.

Download the document >

Tactical Lab

Published: 2016-04-11

A curated list of tools, papers and techniques for Windows exploitation and incident response.

View the website >

Next Generation Penetration Testing

Published: 2015-10-13

This presentation was delivered at the AISA National Conference in 2015. The topic was Red Team Operations. We presented what red team operations are, why we need them, and how they are different from standard penetration testing engagements.

Download the document >