Illusive Labs Blog

Technical cybersecurity perspectives focusing on deceptions, threat trends, incident response, advanced attacks and new technologies

When Everyone's Dog Is Named Fluffy

Posted by Magal Baz and Tom Sela on Jan 22, 2019 2:52:15 PM

How the new Security Questions feature in Windows 10 can be used as a backdoor to establish domain-wide persistence

In April 2018, Microsoft introduced a security questions feature to enable password recovery in Windows 10. This feature allows a user to regain access to a local account by providing “correct” answers to a series of questions—questions of the sort we all know, such as “What was your first pet’s name?” and “What was your childhood nickname?”

Read More


A Deception Researcher’s Take-Aways from the 2017 Black Hat Arsenal

Posted by Dolev Ben Shushan on Aug 23, 2017 7:00:00 AM

Most people in cybersecurity are familiar with the Black Hat conference. But whether you know about Black Hat Arsenal depends on how involved you are in the bits and bytes of information security. Some regard Arsenal as one of the best features of the conference. According to the web site, Arsenal allows “independent researchers and the open source community [to] showcase their latest open-source tools and products” in a relaxed, demo-style setting.

Read More


Stay up to date!