Illusive Labs Blog | Illusive Networks

Technical cybersecurity perspectives focusing on deceptions, threat trends, incident response, advanced attacks and new technologies

For open source tools published by the Illusive Labs team, visit our GitHub page.

When Everyone's Dog Is Named Fluffy

Posted by Magal Baz and Tom Sela on Jan 22, 2019 2:52:15 PM

How the new Security Questions feature in Windows 10 can be used as a backdoor to establish domain-wide persistence

In April 2018, Microsoft introduced a security questions feature to enable password recovery in Windows 10. This feature allows a user to regain access to a local account by providing “correct” answers to a series of questions—questions of the sort we all know, such as “What was your first pet’s name?” and “What was your childhood nickname?”


Phishing the Phishers: Using Attackers’ Own Tools to Combat APT-style attacks

Posted by Dolev Ben Shushan on Dec 28, 2017 6:49:04 AM

As a deceptions researcher, part of my job is to design deceptions against attackers by manipulating or reverse-engineering the common toolkits attackers use. Deceptions are pieces of false information that are planted across the organization and appear as real, relevant information to the attacker. For example, browser deceptions — pieces of information specifically planted in browser history, saved forms, etc. — can be created to lure malicious hackers and insiders to deceptive web servers. In this article, we will show how phishing can be used to catch attackers and how phishing kits can be used for defensive purposes.

