RT @NCCGroupInfosec: Blog: Sign over Your Hashes - Stealing NetNTLM Hashes via Outlook Signatures - https://t.co/7sSiRUCL71 by @johnnyspand…

@Mario_Vilas Content was moved mostly to https://t.co/KT5lxOWUpR - cc: @enjenneer / @m4tt_lewis

Blog: Sign over Your Hashes - Stealing NetNTLM Hashes via Outlook Signatures - https://t.co/7sSiRUCL71 by… https://t.co/w9VwGLJFiV

In your emails, getting your hashes  Capturing NetNTLM hashes from network communications is nothing new; a quick Google for ‘Capture NTLM Hashes’ throws up blog posts discussing the various ways to force SMB communications to an attacker and the numerous existing tools to capture the authentication attempt and extract the password hash. Sniffing SMB traffic requires elevated permissions … Continue reading Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures →

RT @NCCGroupInfosec: Blog: Abusing cloud services to fly under the radar - where we tracked a suspected 🇨🇳 threat actor across 💻 and 🛫 indu…

NCC Group recognised in Now Tech: Managed Detection and Response (MDR) Services Providers, Q4 2020 report by… https://t.co/xq3nUFe9hc

tl;dr NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals. NCC Group and Fox-IT observed … Continue reading Abusing cloud services to fly under the radar →

We wanted to build a mechanism to capture all the passwords used (successful or not) against RDP to ascertain potential sources of credential theft and if they are organisation specific. This post provides the background on an approach and the steps to build such a system.

We’re proud to be supporting @SURF_NL in the launch of its new security operations centre, surfSOC. Find out more a… https://t.co/riSq6Dcnyo