Tag Archives: naijasecforce

Data breaches
Blank Image

Data Breaches in 2019

Many organisations today are leveraging the cloud to transform their business and help with cost reduction. However, the adoption of cloud technology introduces new risks, security and privacy concerns. One of these risks introduced are Data Breaches. There is an increasing number of exposed databases containing Personal Identifiable Information (“PII”) and Personal Health Information (“PHI”) and even sensitive company data (more details later on). ...
Bug bountyCareer Path
Blank Image

Career Path Series – Bug Bounty

On this series on career path, Mosimi interviewed cybersecurity profesionals on bug bounty. Bug bounty is a tactical path in cybersecurity that gives security researchers an opportunity to report vulnerablilites in softwares and application that can be exploited. Bug bounty programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. There are various bug bounty platforms that offers bug bounty hunters an oppourtunity to get paid for finding security flaws in applications/softwares. This includes Hackerone, Bugcrowd, Facebook, and Google Project Zero among others. Bug bounty programs promotes responsible disclosure and it is powering millionnaire hackers globally. According to HackerOne, "a critical vulnerability solution can yield a hacker an average of $3,384."...
HackingMalwareThreat Intelligence
Blank Image

Emotet Malspam Q4, 2019 campaign.

Starting from late November, 2019 till now (9th December, 2019), the NaijaSecForce team detected a surge in Emotet spam campaign targeting corporate mailboxes within Africa and Globally. Emotet is not new as it was first recorded in 2014. Emotet is an extremely sophisticated and destructive banking Trojan used to download and install other malware. ...
Career PathGRC
Blank Image

Careeer Path Series – Governance, Risk and Compliance (GRC)

In our second series on career path, Mosimi interviewed cybersecurity professionals in Governance, Risk and Compliance(GRC).If you missed it, check out our first series on security assessment. There are two main categories of career paths in cybersecurity- Strategic and Tactical. The Strategic Path focuses on areas such as Governance, Risk and Compliance (GRC), IT Audit, […]...
Career PathSecurity Assessment
Blank Image

Career Path Series – Security Assessment

Cybersecurity as we know it today has many subdomains but alot of people tend to focus on some very few(penetration testing and it’s variants).While that is intresting, there are so many opportunites in other subdomains.It is for this reason that Mosimiolu – A senior cybersecurity consultant and a member of the NaijaSecForce interviewed prominent Nigerian […]...
EDRHackingRed Teaming
Blank Image

Winning Your ‘Arguments’ with EDRs.

A recent client engagement had me thinking about ways to evade security tools that rely heavily on command line arguments. During a red team task, I wanted to dump the SAM database of the victim’s system, but I knew that commands such as “reg save HKLM\SAM SAM” would easily be caught by the installed EDR. […]...
HackingRed Teaming
Blank Image

Red Teaming with Covenant and Donut

Overview Red Teaming has rapidly transitioned from Living off the Land (LotL) to Bringing Your Own Land (BYOL). It is now possible to execute .NET assemblies entirely within memory. By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their […]...
Blank Image

Pyrogenic – The JAR-Based Malware Spreading Across Africa and the Middle East

Time Frame 3rd November, 2019 – Current Overview The NaijaSecForce team have detected a new wave of malware spreading across Africa and the Middle East. This malware comes in form of a spam campaign targeting corporate mailboxes within Africa and the Middle east. We started receiving reports of this malware campaign on the 3rd of […]...
Blank Image


This article was written for eForensics Magazine USB Mass Storage devices come in several small sizes, capable of usage as attack tools against any group or organization. To this effect, researchers from Ben-Gurion University in Israel have discovered 29 ways USB devices can be used to attack and compromise computer systems. Likewise, the Insider Threat […]...
AfricaCyber securityTalent Shortage
Blank Image

5 Creative Ways African Business Leaders can Tackle Cybersecurity Talent Shortage and Ever-Growing Brain Drain

Are you awake all-night thinking of the effects of Africa’s cybersecurity skills gap and rising brain drain on your team? It’s time to think differently. Recently, my friend and I combed through a mental list of ex-colleagues and realized that we were the last men standing (I am a woman). Everyone in our previous clique […]...