This article goes into details of the Defence scenario, where the participants had to repel an attack conducted by the Red Team.

JSON Web Tokens (JWT) mechanisms for user authentication become more and more popular in the applications. JWT gained particular popularity with the growing famousness of the microservice architecture: it entrusts the processing authentication data to the microservices, and therefore allows to avoid various authorisation errors, increase productivity and improve application scalability...

Nowadays, cyberthreats are becoming more sophisticated. Attackers can successfully evade security systems, whilst staying off the radar, unnoticed by corporate cybersecurity teams.

In the previous article, we explained the essence of Threat Hunting and demonstrated its capability in detecting modern cyberthreats. With small examples, we analysed various hunting approaches such as IoC-, Tool- and TTPs-based approaches and the differences between them.

In the first publication from the series of articles, we have explored the Threat Hunting approach, its difference from the classical approach to cybersecurity incident monitoring and the essential components for integrating this method. In the second publication, we delved deeper and demonstrated Threat Hunting in action with an example of a potential incident and tested several hypotheses to detect various techniques used by attacker in this incident.

Deserialisation of untrusted data is ranked 8th in the 2017 OWASP Top Ten list of the most critical security risks to web applications. This vulnerability is identified as CWE-502, and occurs when the application deserialises data from an untrusted source without proper validation. Deserialisation mechanisms are often exploited by attackers to gain remote code execution in the compromised system.

Basic hygiene is an effective method of preventing viruses. Today this is especially true for both the physical and the cyber worlds…