Breaking the Microsoft Authenticode security model
Rocking the foundations of a trust-based digital code signing system
Threat Research
Breaking the Microsoft Authenticode security model
Digital Certificates - Models for Trust and Targets for Misuse 6
Blog 6: A new kind of certificate fraud: Executive impersonation
The PDF invoice that phished you
Blog 5 of 5 part series on advanced research into modern phishing attacks
Catching lateral movement in internal emails
Blog 4 of 5 part series on advanced research into modern phishing attacks
Ransomware in exotic email attachments
Blog 3 of 5 part series on advanced research into modern phishing attacks
Catching deceptive links before the phish
Blog 2 of 5 part series on advanced research into modern phishing attacks
How to Prioritize High-Risk Phishing Attacks You Otherwise Miss
SupPy Chain Malware - Detecting malware in package manager repositories
Malicious actors are constantly on the lookout for new attack vectors and techniques, using them to infiltrate even the most secure of organizations.
Catching deceptive links before the click
Blog 1 of 5 part series on advanced research into modern phishing attacks
Digital Certificates - Models for Trust and Targets for Misuse 5
Blog 5: Subverting trust with digital counterfeits
Digital Certificates – Models for Trust and Targets for Misuse 4
Blog 4: You are you, but so am I - certificate impersonation
Digital Certificates – Models for Trust and Targets for Misuse 3
Tampering with signed objects without breaking the integrity seal
Digital Certificates – Models for Trust and Targets for Misuse 2
Blog 2: Trust-based models in the age of supply chain attacks
Digital Certificates – Models for Trust and Targets for Misuse 1
Blog 1: Building secure certificate whitelists