The Devil’s in the Subtitles

Widespread malware affecting media players. On May 23rd, 2017, Checkpoint found a vulnerability in four popular media players that is exploited through a new attack vector: malicious subtitle files that infect computers, smartphones, and smart TVs. Once the files are downloaded, an attacker can potentially take complete control over the device. Over 200 million devices […]


WannaCry Recap

Friday could not have come sooner for some last week. For the rest of us, we may have wished Friday never happened. What is now being considered the most “successful” and prolific ransomware campaign took off like a wildfire in a dry forest. We’ve all heard the name WannaCry; hopefully it did not make anyone […]


WannaCry IOCs and Technical Details

Technical Details. It is currently unclear whether this payload is delivered via malicious attachment or through the WAN using the FuzzBunch EternalBlue SMB exploit. The malware behaves much like typical ransomware during execution on the victim’s machine. Below are the operations that are run via cmd.exe: /c vssadmin delete shadows /all /quiet & wmic shadowcopy […]


WannaCry? You Might.

Urgent Information Regarding the WanaCrypt/WannaCry/WCry Ransomware Outbreak. Today, 12 May 2017, a massive ransomware outbreak has been reported across the globe. There are reports of computer systems completely locked up in Russia, Western Europe, East Asia, and North America. British hospitals and a Spanish telecom company have been the largest confirmed victims thus far, along with […]


Zero-Trust and Micro-Segmentation

Adopting Zero-Trust and Micro-Segmentation as core design principles can improve the security posture of your network and the systems attached to it. However, it is important to understand how we arrived at our current state in order to understand how these principles can help us. Let’s do a quick review of the current network security […]


Mitigating Against the Shadow Broker Exploit Dump

On Friday, April 14, a group called “Shadow Brokers” released multiple exploits and tools, purported to be from the NSA, entitled “Fifth Leak: Lost in Translation”. Over the holiday weekend, the CRITICALSTART research team and the greater InfoSec community went through and analyzed many of the tools. Affected Systems. The tools are primarily comprised […]


Picking the Right Silver Bullet

With the current state of cybersecurity, the market has become inundated with “solutions”. When every manufacturer is selling hammers, every problem looks like a nail. Security personnel are expected to evaluate solutions while still trying to find time for operational tasks. After the media fills executives’ minds with the latest security buzzwords, they all […]


What Are the Mistakes That Get Hackers Arrested?

At Critical Start we use a concept called the Defendable Network and map organizations to SecCon levels designed to give companies a chance against threat actors of varying skill levels. We group threat actors’ skill levels into: Untrained Attacker (just gets lucky); Novice Attacker; Intermediate (mostly using automated tools); Advanced; Expert. Phineas Fisher is a blackhat hacker and […]
