Ransomware DLL Hijacking & “The Canary DLL”

You might have seen articles on some of the security news sites reporting that a security researcher discovered a method to stop certain ransomware samples from running, including Thanos, Conti, REvil and others. The method in question is known as DLL hijacking, and I thought it would be a great opportunity to talk about it in a little more detail: what it is, its limitations, and how a blue team could leverage it to add another layer of security.


PrintNightmare – CVE-2021-34527

Overview

CVE-2021-34527 (dubbed PrintNightmare) is a remote code execution vulnerability in the Windows Print Spooler service, which ships with every Windows operating system and runs as SYSTEM by default. The vulnerability is trivial to exploit: all an attacker needs is a set of low-privileged credentials, either on the domain or on the target host, and network reachability to the spooler on that host.
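As an added example (not from the original post), the following PowerShell script is the check a blue team would want to run before and after patching: it reports whether the spooler is running and whether the Point and Print policy values are in the state Microsoft's advisory for CVE-2021-34527 recommends, and it carries the two mitigations the advisory describes. The registry key and value names are taken from that advisory; the function names are my own. It does not check patch level, since the relevant update differs per Windows version.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Key path and value names follow Microsoft's published mitigation guidance for
# CVE-2021-34527; confirm against the current advisory before relying on them.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PrintNightmareExposure {
    # Spooler state: if the service is stopped and disabled the RPC attack surface is gone.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $running = [bool]($spooler -and $spooler.Status -eq 'Running')

    # Point and Print policy values. Secure state per the advisory:
    #   RestrictDriverInstallationToAdministrators = 1  (non-admins cannot install drivers)
    #   NoWarningNoElevationOnInstall               = 0 or absent
    #   UpdatePromptSettings                        = 0 or absent
    # Absent RestrictDriverInstallationToAdministrators means the OS default applies,
    # which is 1 only on hosts that have the August 2021 update; that is why it is
    # reported separately rather than folded into the Weakened flag.
    $props = Get-ItemProperty -Path $PointAndPrintKey -ErrorAction SilentlyContinue

    $restrict = $props.RestrictDriverInstallationToAdministrators
    $noWarn   = $props.NoWarningNoElevationOnInstall
    $noPrompt = $props.UpdatePromptSettings

    # Explicitly weakened: an admin or GPO has turned the protections off.
    $weakened = ($restrict -eq 0) -or ($noWarn -eq 1) -or ($noPrompt -eq 1)

    [pscustomobject]@{
        ComputerName                             = $env:COMPUTERNAME
        SpoolerRunning                           = $running
        SpoolerStartType                         = if ($spooler) { $spooler.StartType } else { 'NotInstalled' }
        RestrictDriverInstallationToAdministrators = $restrict
        NoWarningNoElevationOnInstall            = $noWarn
        UpdatePromptSettings                     = $noPrompt
        PointAndPrintWeakened                    = $weakened
        # Exposed if the service is reachable and the policy is either weakened or
        # the restrict value is not explicitly set to 1 (patch level still to be verified).
        LikelyExposed                            = $running -and ($weakened -or $restrict -ne 1)
    }
}

# Mitigation 1: hosts that neither print nor share printers (most domain controllers,
# most servers) should simply not run the service.
function Disable-PrintSpooler {
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

# Mitigation 2: hosts that must keep the spooler get the hardened Point and Print policy.
function Set-PointAndPrintHardening {
    New-Item -Path $PointAndPrintKey -Force | Out-Null
    Set-ItemProperty -Path $PointAndPrintKey -Name RestrictDriverInstallationToAdministrators -Type DWord -Value 1
    Set-ItemProperty -Path $PointAndPrintKey -Name NoWarningNoElevationOnInstall -Type DWord -Value 0
    Set-ItemProperty -Path $PointAndPrintKey -Name UpdatePromptSettings -Type DWord -Value 0
}

# Usage: report first, then pick the mitigation that fits the host's role.
Get-PrintNightmareExposure | Format-List
```

Run `Get-PrintNightmareExposure` across a fleet with `Invoke-Command` to find hosts where the spooler is still running with a weakened policy; the exposure flag is deliberately conservative and should be read alongside the host's patch status.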


CySA+ (Version 2) – Guide for 2021

I recently took the CySA+ exam (version 2) and thought it would be useful to share my thoughts on it. From my experience I felt the CySA+ exam is one of the best exams I've encountered that is specifically tailored towards Cyber Security Analysts working within a Security Operations Centre. Literally everything I came across while preparing for the exam would (at least in my opinion) be something I encountered as an analyst. I would 100% recommend giving it a go if you are thinking of it.
