Ransomware: Hacienda of Puerto Rico

June 21st, 2021 | Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Firewall, Forensic, Hacking, Incident Response, Reports

We are publishing a redacted case study related to the ransomware event that occurred at Hacienda of Puerto Rico. Although some elements have been removed from this case study, and a previous redacted case study concerning our involvement as Incident Response leads, it seems industry has not been able to adapt and improve its resilience against [...]


Kleared4 closed-operation fly-away edge kit

June 7th, 2021 | Categories: Automation, Cyber, Defensive Methodology, Design, Forensic, Hacking, Hunting, Incident Response, Networking

We have started integrating closed-operation fly-away edge appliances with Kleared4, our disassociated cyber-operations and proofing environment. #PCOE #PCTE #CyberRange Unlike other fly-away kits, this one is designed to operate completely closed! This model uses a Pelican 1200 case with a small Linux-based PC. We recently used the device during a remote assessment on the other [...]


CTF-Pasteables

October 16th, 2019 | Categories: Cyber, Hacking, Pen-testing, Powershell, Scripts, Tor

"Typing Kills": even if you do not agree with this, it's true. Operator error grows the more you type. It's akin to "measure twice, cut once". In Capture the Flags (CTFs), we often repeat the same methodology, and the only things we change are network variables and usernames; the syntax remains constant. Over the years, [...]


Case 1

August 27th, 2019 | Categories: Attribution, Breach, Case Study, Contracts, Cyber, Defensive Methodology, Disclosure, Forensic, Hacking, Hunting, Incident Response, Laws, Reports

Case 1. If you like the case study, hit us up and let us know. Take care. Malware Analysis on Hybrid-Analysis.


Judicial branch of Puerto Rico exposes sensitive court documents

May 31st, 2017 | Categories: Hacking, Laws, Reports

Problem: CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to [...]


Forcepoint 2015 Threat Report

February 15th, 2016 | Categories: Attribution, Cyber, Defensive Methodology, Forensic, Hacking, Hunting, Pen-testing, Reports, Tor

An excellent publication from Forcepoint that covers CnC malware, malicious insiders and attribution. Unlike other threat reports, this report covers multiple human factors that are often neglected in technical reports. In some cases, human error and predisposition to reuse malware have led the researchers to determine a high probability of configuration reuse which leads to easier [...]


Why going after wp-config is a quick way to get banned

January 15th, 2016 | Categories: Attribution, Defensive Methodology, Hacking, Reports, Wordpress

Internet sites with WordPress are normally exploited with ease in two ways: 1. Vulnerable plugins or a vulnerability in WordPress. 2. Reading backups of the wp-config.php file. The first is actually more commonplace. The second assumes the admin that maintains WordPress leaves a backup or older version of the file readable by any visitor that [...]


Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica

June 13th, 2015 | Categories: Breach, Hacking, Reports

Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure. Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks


Bsides PR 2015 – Fun with Tor : How anonymity services complicate actor attribution CompSec Direct

May 29th, 2015 | Categories: Attribution, Defensive Methodology, Demo, Hacking, Tor

Hello from Puerto Rico. Here are our slides from Jose Fernandez's talk on Tor and attribution. We are very excited to have participated in BSides PR 2015, and look forward to speaking again in the future. By the time we got to the beach, the Internet is hopefully in a slightly better state than we left [...]


Cybergeddon: Why the Internet could be the next “failed state” -ArsTechnica

February 26th, 2015 | Categories: Cyber, Hacking

Excellent article by Sean Gallagher from ArsTechnica. It truly captures the essence of how our world is likely headed into an unfortunate collision with technology. http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city-why-the-internet-has-never-been-more-dangerous/1/
