All posts by NaijaSecForce

Career PathGRC
Blank Image

Careeer Path Series – Governance, Risk and Compliance (GRC)

In our second series on career path, Mosimi interviewed cybersecurity professionals in Governance, Risk and Compliance(GRC).If you missed it, check out our first series on security assessment. There are two main categories of career paths in cybersecurity- Strategic and Tactical. The Strategic Path focuses on areas such as Governance, Risk and Compliance (GRC), IT Audit, […]...
Career PathSecurity Assessment
Blank Image

Career Path Series – Security Assessment

Cybersecurity as we know it today has many subdomains but alot of people tend to focus on some very few(penetration testing and it’s variants).While that is intresting, there are so many opportunites in other subdomains.It is for this reason that Mosimiolu – A senior cybersecurity consultant and a member of the NaijaSecForce interviewed prominent Nigerian […]...
EDRHackingRed Teaming
Blank Image

Winning Your ‘Arguments’ with EDRs.

A recent client engagement had me thinking about ways to evade security tools that rely heavily on command line arguments. During a red team task, I wanted to dump the SAM database of the victim’s system, but I knew that commands such as “reg save HKLM\SAM SAM” would easily be caught by the installed EDR. […]...
HackingRed Teaming
Blank Image

Red Teaming with Covenant and Donut

Overview Red Teaming has rapidly transitioned from Living off the Land (LotL) to Bringing Your Own Land (BYOL). It is now possible to execute .NET assemblies entirely within memory. By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their […]...
HackingMalware
Blank Image

Pyrogenic – The JAR-Based Malware Spreading Across Africa and the Middle East

Time Frame 3rd November, 2019 – Current Overview The NaijaSecForce team have detected a new wave of malware spreading across Africa and the Middle East. This malware comes in form of a spam campaign targeting corporate mailboxes within Africa and the Middle east. We started receiving reports of this malware campaign on the 3rd of […]...
ForensicsHacking
Blank Image

THE USB TRAIL: ANTI-FORENSICS AND ANTI-ANTI-FORENSICS BITTER ROMANCE

This article was written for eForensics Magazine USB Mass Storage devices come in several small sizes, capable of usage as attack tools against any group or organization. To this effect, researchers from Ben-Gurion University in Israel have discovered 29 ways USB devices can be used to attack and compromise computer systems. Likewise, the Insider Threat […]...
AfricaCyber securityTalent Shortage
Blank Image

5 Creative Ways African Business Leaders can Tackle Cybersecurity Talent Shortage and Ever-Growing Brain Drain

Are you awake all-night thinking of the effects of Africa’s cybersecurity skills gap and rising brain drain on your team? It’s time to think differently. Recently, my friend and I combed through a mental list of ex-colleagues and realized that we were the last men standing (I am a woman). Everyone in our previous clique […]...
Cyber securitymeetupNetworking
Blank Image

NSC September Abuja MeetUp

Yassss!!! NaijaSecCon held its first Abuja Meet-Up on the 28th of September,2019 after the long wait (smiles). It was a great meetup as there were industry veterans who were available to give talks on various interesting topics and also amazing participants. Mr Onifade Opeyemi who is the CEO of Afenoid enterprise gave a talk on […]...
HackingReverse Shell
Blank Image

There is a shell in your lunch-box

My team was recently engaged by a client (HackMe) to perform a black-box external penetration test. The objective was simple – see how susceptible the organization is from an external point of view and test the effectiveness of the security controls that are managed enterprise-wide. As such, asides, the company name, we were given “ZERO” […]...