& Blogs
News & Blogs
December 4, 2020
New Zealand Privacy Act 2020: standout features, fines and global comparisons
New Zealand's updated Privacy Act came into force on 1 December 2020.
December 4, 2020
Snakes & Ladders: the offensive use of Python on Windows
As Microsoft further integrates Python into its ecosystem, there are concerns around the offensive use of it. Can these offensive attacks be mitigated and are the current control mechanisms enough to stop this happening?
November 30, 2020
ATT&CK'ing it wrong - how to use ATT&CK effectively at an NZ scale
Hamish Krebs, Cyber Security Lead Consultant, recently spoke at CHCon - an event held in Christchurch for cyber security professionals and hackers. Born out of frustrations and learnings behind the MITRE ATT&CK framework, his presentation explored how to go from 'ATT&CK’ing it wrong' to 'ATT&CK’ing it effectively'.
October 7, 2020
Cyber security advice for NZ's small and medium enterprises
Jeremy Jones, Head of Cyber Security at Theta, recently spoke to stuff.co.nz about the increasing numbers of cyber attacks being reported across New Zealand.
September 4, 2020
Ransomware attacks: lessons and emergent trends from the frontline
Ransomware attacks are hitting some of the biggest organisations across the globe right now, with devastating consequences for its victims.
August 6, 2020
Part 3: Analysing MedusaLocker ransomware
(Part 3 of 3) In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these. Continued from parts 1 and 2...
August 5, 2020
Part 2: Analysing MedusaLocker ransomware
(Part 2 of 3) In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these. Continued from part 1...
August 4, 2020
Part 1: Analysing MedusaLocker ransomware
In this 3-part post, we share the tradecraft from an RDP brute force linked ransomware event (MedusaLocker) we responded to in June 2020. We cover the business ramifications of the attack, technical analysis and some advice based on attacks such as these.
July 27, 2020
Cyber exploitation at scale: don't become a victim of remote access exploitation
Let’s face it – it’s been a tough period for remote access solutions, especially when we’re so dependent upon it. First, we had the myriad of SSL-VPN’s from the likes of Cisco, F5, Palo Alto, Cisco, Fortinet and Pulse Secure – going from being an enterprise security product to the worst nightmare for a security team overnight.