Published: 2020-10-09
In 2020, Benjamin Mossé delivered a presentation to a government group. Attached are some of the slides that have been appropriately edited to showcase the general crux of the content we believe to be of benefit to the broader community.
Download the document >Published: 2020-04-07
Mossé Security’s CSIRT has analysed the security vulnerabilities reported in Zoom between March 31st and April 7th, 2020. We are now sharing our professional opinion regarding the risk of “Zoom Bombing” attacks and discussing the weak encryption practices employed by Zoom.
Continue >Published: 2019-07-16
Mossé Security has been observing that some security solutions automatically upload emails to Virus Total that contain sensitive information (including attachments), without the knowledge or consent of the organisation.
Continue >Published: 2019-07-10
Mossé Security’s Advanced CSIRT Team have been urgently called to respond to an alarming number of email account compromises that have allowed threat actors such as CRIME CHARLIE and CRIME OSCAR to steal money from regional organisations. Vast collateral damages are doubtlessly ensuing to these companies’ reputations wit...
Continue >Published: 2019-07-03
Mossé Security’s CSIRT Team responded to several intrusions from a financially motivated threat actor we refer to as CRIME OSCAR. The motivations of CRIME OSCAR are financial ones, as their goal is to compromise the mailbox of a member of the finance/procurement department and intercept payment invoices. Our CSIRT Team h...
Continue >Published: 2019-07-02
Mossé Security CSIRT has recently successfully responded to several breaches into corporate networks where the initial point of entry was a malicious portable application that provided reverse-shell capabilities to the adversaries. Using Portable Applications as an indirect way to breach into computer networks is another...
Continue >Published: 2019-06-25
CRIME CHARLIE is one of the more sophisticated groups of social engineers Mossé Security have responded to in Australia. Their techniques and tactics have worked against high-level personnel who have access to multiple areas of the business through their accounts and have interactions with valuable external clients.
Continue >Published: 2019-06-13
Mossé Security CSIRT observes signed malware used against Australian organisations daily. Enterprise security products and security analysts are advised not to automatically trust a file because it is signed. Digital certificates can be legitimately purchased for less than $100.00 USD. These certificates are either stole...
Continue >Published: 2017-09-26
Between January 2016 and July 2017, Mossé Security delivered 53 threat hunting exercises and responded to 67 separate security breaches. We observed 42 Australian firms attempting to deal with cyberattacks and saw firsthand how textbook approaches to information security failed to deter and dissuade attackers. With this ...
Continue >Published: 2017-08-15
What do medical colleges need to do to prepare themselves for cyber attacks? In this presentation, we explore how a modern cyber security programme looks like and offer strategies and tactics to help IT managers to improve the defences of their organisations.
Download the document >Published: 2017-07-23
Business executives of small and medium sized firms all over Australia are being targeted by sophisticated social engineers that attempt to defraud them with fake invoices. In this report, we present an advanced attacker group that successfully defrauded numerous small businesses in Melbourne, Sydney and Brisbane in Aust...
Continue >Published: 2017-06-01
This whitepaper introduces the Offensive Countermeasures. The Offensive Countermeasures is a security strategy that creates consequences for the attackers who hack our computers. We hold the tenet that if resources are not spent on tracking and disrupting the attackers, then we are, by omission, allowing them to try new ...
Continue >Published: 2016-11-03
The top 15 questions that business executives and IT directors should be asking their teams every quarter to manage their cyber risks.
Download the document >Published: 2016-07-28
In this presentation, we share lessons learnt delivering incident response services in the cloud and conducting red team exercises against managed security services providers.
Download the document >Published: 2016-04-11
A curated list of tools, papers and techniques for Windows exploitation and incident response.
View the website >Published: 2015-10-13
This presentation was delivered at the AISA National Conference in 2015. The topic was Red Team Operations. We presented what red team operations are, why we need them, and how they are different from standard penetration testing engagements.
Download the document >