Samples which look like exploits for the recent MS Office vulnerability CVE-2026-21509 have been detected by CERT-UA and published today on MalwareBazaar.
It turns out they can be detected by the olecheck tool I had released this week, and the last version of oletools: see below
@CyberRacheal None of the above.
If you trust the network, it's not 0 trust.
What you describe in B is perimetrical defense, and doesn't work if subnets are not properly isolated, which is often the case in professional settings like active directory, workgroup, ...
@IntCyberDigest When speakers don’t read the CCC ethics guidelines. "Don't litter other people's data.; Make public data available, protect private data." This is lame for both CCC and the Speaker. Hackers != Crackers get back to your basics.
@assume_breach Additionnally in those days we had time before the tests to review documentation of all target technologies.
Learning was part of the fun. Most of hackers were dev and admins in their free time.
Security was a consequence of the well designed, improved systems.
@assume_breach Hello,
I will feel very old for just a few moments 🤣 but want to reply on :
"the infrastructure pentesters were expected to know how to do WebApp and AppSec stuff. Wierd huh?"
Back in the days computer Hacking was basically code optimisation.
@assume_breach That was also explaining why pentest missions were more expensive than dev, or admin. And why not every admin / dev coulds pretend to pentesting.
The amount of knowledge and continuous training required was huge.
@assume_breach Of course some pentesters were specialised in some domains and were expected to form teams of complementary expertise to be able to give said advices.
However it seem difficult to give an advice of the overall level of security if you don't study each part of the system.
@assume_breach What elected hackers to give advices on security was their deep knowledge (as a team) of nearly everything between Layer 1 and 7.
Basically because they were admins and devs.
As an heritage of those time pentesters are expected to have deep knowledge of the full stack.
L’association @InterCERTFrance est à la recherche d’un responsable technique pour gérer l’infrastructure de services fournis à ses membres. Si vous voulez mettre un pied dans la cybersecurité opérationnelle et aider les entreprises 🇫🇷 à échanger 👇
https://t.co/B9MxDAIXXR