forensic

Contenido forensic

Blog posted on 28/11/2024

This article aims to present a brief example guide for an implementation of the new standard in a supplier's facilities.

Going through the critical points of the standard, a generic use case will be followed to exemplify how a vehicle manufacturer can adapt its processes to comply with the new standard in an efficient and effective way.

By presenting an overview of the standard and production processes, the aim is to provide a brief guide to serve as a starting point and help avoid common failures in industrial environments when faced with new regulations, such as redundancy of effort, inefficiency in resource management and deficiencies in the application of safety measures.

Blog posted on 14/11/2024

A  CI/CD (Continuous Integration/Continuous Deployment) pipeline is an essential tool in modern software development, which allows you to automate and optimize the entire development lifecycle, from code integration to its deployment in production. The article aims to explain security in  CI/CD pipelines, motivating readers to adopt automated practices that not only optimize software development, but also minimize the associated risks. Keep in mind that automation carries certain risks if not handled safely, as it can increase the attack surface for cybercriminals. It underscores the importance of implementing security controls at every stage of the pipeline, urging developers to take initiative-taking steps to protect their code, their environments, and ultimately, their final products.

Blog posted on 19/09/2024

MITRE Caldera OT stands out mainly for being an open-source tool that allows the simulation of different cyber-attacks in industrial environments. This tool was created by MITRE and CISA (US Cybersecurity and Infrastructures Security Agency), as the experts saw the need to be able to improve and understand cybersecurity in industrial environments without using a high number of resources.

In addition, this tool is designed to be used by both the Red Team and the Blue Team, allowing both teams to collaborate with each other to improve the level of cyber security in these environments.

Blog posted on 29/08/2024

The ability to monitor and analyze the behavior of users and entities becomes crucial for early detection and response to potential threats. UEBA solutions identify unusual or anomalous patterns in user behavior, enabling rapid identification of internal threats or external compromises. This post focuses on how UEBA analysis is becoming an essential tool for a cybersecurity strategy, from identifying suspicious behavior to preventing potential security breaches.

Blog updated on 25/07/2024

In the industrial environment, the interconnection of industrial equipment for maintenance via the Internet is becoming increasingly common. However, this has also opened the door to a new and dangerous landscape of threats. This article reviews one of the most representative threats within this current new paradigm, APTs, how concern about this type of threat is increasing, and how they operate during an industrial attack.

Blog updated on 11/07/2024

UMAS (Unified Messaging Application Services) is a Schneider Electric (SE) proprietary protocol used to configure and monitor Schneider Electric programmable logic controllers (PLCs). While it is true that the protocol is related to this manufacturer, the use of the protocol is quite widespread in different sectors, especially the energy sector, as is obvious.

The article will focus on the technical breakdown of the protocol and the use of the protocol. The article will also show weaknesses, strengths and some technical vulnerabilities detected in this protocol.

Blog posted on 04/07/2024

In the complex web of network infrastructure, the Internet Routing Registry (IRR) stands out as an essential component, playing an important role in the coordination and security of routing policies. Its benefits are significant in building a cyberspace free of spoofing-type attacks. Knowing how to create and maintain objects in the IRR is essential for operators of Internet infrastructures. This article presents its fundamental elements and the tools that help in its life cycle

Blog posted on 30/05/2024

En la actualidad, el sector industrial se ha convertido en uno de los blancos más frecuentes de los ciberdelincuentes. Convirtiendo el cibercrimen en uno de los principales riesgos del sector, ya que el objetivo preferido en las redes industriales son los equipos críticos que desempeñan un papel fundamental en el sistema. Por tanto, en este artículo, exploraremos las distintas fases y formas de un ciberincidente en un entorno industrial, para entender el riesgo que representan y como prevenirlos.

Blog posted on 23/05/2024

Babuk Tortilla is a version of the original Babuk ransomware, which emerged after the leak of its source code, and which attracted attention in the cybersecurity landscape due to the intention of being deployed on vulnerable servers.

This article reviews its origin and operation, focusing on its modus operandi and the techniques used to breach the security of data and systems. It also provides key tools and recommendations to identify and neutralize its effect on technological infrastructures, providing users with the necessary knowledge to defend against this significant risk. Understanding how Babuk Tortilla works and its recovery mechanisms is vital.

Blog posted on 11/04/2024

Since its appearance in 2022, Black Basta has established itself as one of the most dangerous ransomwares in the current landscape, standing out for its ability to carry out double extortion attacks, stealing and encrypting data from its victims. Although it focuses on Windows systems, versions for Linux systems that attack ESXi hypervisors have also been discovered. At the end of December 2023, a renowned ethical hacking lab in Berlin published a decryption tool on GitHub to combat it. Although the group has recently updated its software to fix this flaw, the release of the decryption tool represents a major blow against its operations. In this article, we take a closer look at how this ransomware works, exploring the methods it employs to compromise the integrity of data and systems and presenting the decryption method for its vulnerable version.