INFIGO IS

Computer and Network Security

Zagreb, Zagreb 3,089 followers

Information security and data analytics company

About us

Every day INFIGO IS' products protect thousands of organizations and hundreds of thousands of their employees and users. Through the power of big data we have learned how to do things that others can't, and how to do them well. That is why, since its founding in 2005, INFIGO IS has grown every year in every metric. Our main focus is information security: security solution implementation, cyber risk and compliance consulting, security assessment and protection services, and in-house developed software products. Or, in simpler terms, we are hackers who can look at a system, find out what's wrong and then develop the best solution for the problem at hand. That is why INFIGO IS' employees are constantly developing new skills and collecting certificates from leading, globally recognized international organizations (ISC2, ISACA, SANS, BSI...). Some have taken that to the extreme and today are SANS instructors... INFIGO IS has offices in five countries and clients all around Europe, the Middle East and Africa, but we aren't stopping there. In the end, in a world that is always talking about disruption, INFIGO IS has a different philosophy – our dedication is to bring extra value to our clients, helping them grow and protecting their businesses, enabling them in the process to give their own users previously untapped benefits. We are all connected, big data is the best proof of that, and when everything is said and done, everybody should benefit. And that is our mission – good life, good business, for all.

Website
https://www.infigo.is
Industry
Computer and Network Security
Company size
51-200 employees
Headquarters
Zagreb, Zagreb
Type
Self-Owned
Founded
2005
Specialties
Penetration testing, Vulnerability assessments, GDPR, SIEM, Telco Anti Fraud, Banking Anti Fraud, SOC, MSSP, MSS, FRAML, Offensive security, Consulting, Information security, Splunk, Splunk professional services, Cyber Security, anti-money laundering, and AML

Updates

  • Mato, a great guy and a damn fine incident responder, serves a nugget of expertise. As always, delicious!

    Mato Vlajčić, Cybersecurity Researcher

    Like in IR cases where you are going through various forensic and mitigation tasks on a micro level, but in reality, on a macro level, you are just trying to identify "chokepoints" and leverage them to make the engagement more effective. The very same approach is effective in adversary hunting when you want to map a TA’s resources and generate intel before those resources are weaponized and used. The TA responsible for this LummaC2 cluster chose to put the C2 server behind Cloudflare, use 3-month valid SAN wildcard certificates from Let's Encrypt, and rely on Namecheap as the registrar for domains. With that design choice, there are essentially two different certificates: one from the C2 server and one from Cloudflare. Both have the same name, same attributes, and same timestamps, but the issuers are different. Combining that information with registrar data brings you closer to identifying a "chokepoint". Furthermore, by adding metadata from responses or TLDs, you can pinpoint a "chokepoint" at the TA's design level—without relying on OPSEC failures.

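The correlation Mato describes (one certificate from the origin server, one from the CDN edge, identical names and validity timestamps but different issuers, joined with registrar data) can be expressed as a small clustering step over certificate observations. The following is an added example, not code from the post or from INFIGO IS: the certificate and registrar records are constructed samples, the field names are this example's assumptions, and the issuer and registrar strings (Let's Encrypt, Cloudflare, Namecheap) are only the ones the post itself names.

```python
"""Cluster TLS certificate observations to spot infrastructure "chokepoints".

Added example (not code from the post or from INFIGO IS). Groups certificates
that share names and validity timestamps, keeps the groups whose issuers differ
(origin certificate vs CDN edge certificate), and joins them with registrar data.
All records below are constructed samples; field names are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CertObservation:
    seen_on: str          # IP or hostname where the certificate was presented
    subject_cn: str
    sans: frozenset       # subjectAltName DNS entries
    not_before: str       # validity start as logged (ISO date)
    not_after: str        # validity end as logged (ISO date)
    issuer: str           # issuer organization, as logged


def validity_key(obs: CertObservation) -> tuple:
    """Names plus timestamps: everything the post says the two certs share."""
    return (obs.subject_cn, obs.sans, obs.not_before, obs.not_after)


def registrable_domain(name: str) -> str:
    """Naive registrable domain: strip a leading wildcard, keep the last two
    labels. A real implementation would consult the public suffix list (assumption)."""
    labels = name.lstrip("*.").split(".")
    return ".".join(labels[-2:])


def find_dual_issuer_clusters(observations):
    """Group observations sharing names and timestamps; keep the groups whose
    issuers differ, i.e. one certificate on each side of the CDN."""
    groups = defaultdict(list)
    for obs in observations:
        groups[validity_key(obs)].append(obs)
    return {key: members for key, members in groups.items()
            if len({m.issuer for m in members}) > 1}


def chokepoints(observations, registrar_lookup):
    """Join each dual-issuer cluster with registrar data to describe the
    design-level pivot: registrar + issuer pair + TLD + validity window."""
    results = []
    for key, members in find_dual_issuer_clusters(observations).items():
        subject_cn, _sans, not_before, not_after = key
        domain = registrable_domain(subject_cn)
        results.append({
            "domain": domain,
            "tld": domain.rsplit(".", 1)[-1],
            "issuers": sorted({m.issuer for m in members}),
            "registrar": registrar_lookup.get(domain, "unknown"),
            "validity": (not_before, not_after),
            "seen_on": sorted(m.seen_on for m in members),
        })
    return results


# Constructed sample data (not real observations).
SANS_C2 = frozenset({"*.c2-sample.invalid", "c2-sample.invalid"})
OBSERVATIONS = [
    # Origin server behind the CDN: certificate from the ACME CA.
    CertObservation("198.51.100.10", "*.c2-sample.invalid", SANS_C2,
                    "2024-11-01", "2025-01-30", "Let's Encrypt"),
    # CDN edge presenting the matching certificate, different issuer.
    CertObservation("203.0.113.20", "*.c2-sample.invalid", SANS_C2,
                    "2024-11-01", "2025-01-30", "Cloudflare"),
    # Unrelated site with a single issuer: no cluster.
    CertObservation("192.0.2.5", "shop.benign-sample.invalid",
                    frozenset({"shop.benign-sample.invalid"}),
                    "2024-10-15", "2025-01-13", "Let's Encrypt"),
]
REGISTRAR = {"c2-sample.invalid": "Namecheap"}   # constructed WHOIS/RDAP output

if __name__ == "__main__":
    for hit in chokepoints(OBSERVATIONS, REGISTRAR):
        print(hit)
```

The output of `chokepoints()` is the hunting signature: registrar, issuer pair, TLD and a three-month validity window. Fed back into certificate transparency or passive DNS data, that signature finds sibling infrastructure built with the same design choices, which is the point of hunting at the design level rather than waiting for an OPSEC mistake.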
  • We're looking for a cyber security consultant, on-site, for our Zagreb office – a cyber security consultant that would fit us perfectly should be specialized in infosec technical domains since we like people who know what they're talking about. Consultants, at least at Infigo, are people with a tremendous pool of knowledge, battle-hardened professionals who know how information systems work in practice, not just on paper. But check it out for yourself and if you think we would be a good match, apply.

  • [HR] These days Infigo's Cyber Threat Intelligence team is working overtime and has discovered a new potential set of phishing domains, this time aimed at users of Hrvatska pošta (Croatian Post). Since this is the time of year when parcel volumes increase, extra care is needed. The newly registered suspicious domains, some of which are shown as "clean", are:

    • Hrposta[.]sbs
    • postahr[.]com
    • hrvatska-posta-hr[.]com
    • hrvatska-posta[.]com
    • postahr-info[.]com
    • hrpostal[.]com
    • hrposta-info[.]com
    • trackposta-hr[.]com
    • hrposta-dostava[.]com

    Although you can never be 100 percent sure that these are phishing domains (until they are activated), it is highly likely that this is exactly what they are: depending on the geographic region you connect from, the domain hrposta-info[.]com is active and imitates the Hrvatska pošta website, asks for user data (including credit card numbers), and is still considered "clean" (see the screenshot). Unfortunately, no organization can prevent phishing attempts, i.e. the imitation of its brand and website, and anyone can fall for a phishing attack: a second of inattention, a hard working day, a bit of haste, or a little of each is enough. Users of Infigo's Cyber Threat Intelligence service receive information that enables organizations to fight attackers proactively, and in combination with Threat Hunting they are always at a high level of readiness. Individuals who do not have such machinery behind them must be constantly alert (especially when they receive messages asking for something urgent and of great importance), check the links they receive carefully, and never enter personal data (especially not card numbers!) unless they are absolutely, but absolutely, sure that the source is legitimate... And yes, regularly read verified media sources such as Bug d.o.o. (https://lnkd.in/g7HwcFzr), which warned the public about this latest wave of attacks :)

  • [HR] On Thursday we published a post about potential new phishing domains, discovered by Infigo's Cyber Threat Intelligence team, targeting the e-Građani service, and on Friday one domain (egradani[.]com) was already activated. The website imitates that service, but tries to steal credentials for nine banks: Hrvatska poštanska banka, dioničko društvo, Privredna banka Zagreb d. d., OTP banka Hrvatska, Addiko Bank Hrvatska, Podravska banka, Zagrebačka banka, Raiffeisenbank Hrvatska, Erste&Steiermärkische Bank d.d. (Erste Bank Croatia), Istarska kreditna banka Umag. You can see what the site looks like and how well it imitates the legitimate sites in the short video. Of course, we notified all the banks, carried out Threat Hunting activities for all our clients, added the IOCs to the SOC, created new detection rules, increased activity monitoring... We are trying to take the phishing site down, but since the page is served from a hosting provider in Russia and the DNS server is in China, we are not sure how quickly (if at all) it will be taken down. More about what is happening and the list of discovered phishing domains can be found in the post we published on Thursday (https://lnkd.in/dAQ7NdQz).

  • [HR] Infigo's security experts have discovered unusual domains that could be used for phishing and aimed against citizens of the Republic of Croatia, so extra caution is needed. As the Ministry of the Interior of the Republic of Croatia warned yesterday, and as reported by media such as Index.hr, Nova TV, tportal.hr and others, a fake domain appeared that imitated the e-Građani service. Infigo's Cyber Threat Intelligence team dug deeper and found some more suspicious domains. While some of them are flagged as malicious by certain security tools, four still have a clean reputation and there is a possibility that the attacker will use them (they visually imitate the e-Građani system and NIAS, the electronic identity management system). Those domains are (the dot is placed in brackets so that the domains are not rendered automatically):

    • nias-e-gradani-hr[.]com
    • hr-gradani-prijava[.]info
    • hr-gov-prijava[.]info
    • nias-gov[.]info

    Other suspicious domains:

    • e-gradani[.]com
    • e-gradanin-gov[.]com
    • nias-egradani-gov-hr[.]com
    • nias-egradani-gov[.]com
    • gov-egradani[.]com
    • nias-prijava-hr[.]com
    • nias-gov-hr[.]com
    • nias-hr[.]info
    • egradani-novcanakazna-hrv[.]com

    What now? As individuals, always be on guard; as organizations, perform active domain monitoring and block the domains on this list, because the attacker has not used all of them yet. For Croatian users of Infigo's MSS services, Threat Hunting activities were carried out immediately to determine whether any potential data theft had occurred. Naturally, it is always good to share information with the national CERT at CARNET - Croatian Academic and Research Network, ZSIS, the Croatian Data Protection Authority (Agencija za zaštitu osobnih podataka), the MUP (Ministry of the Interior) and all other bodies that will further notify the citizens at whom future attacks are aimed. This is also one example of the value of a Cyber Threat Intelligence service: getting information about threats before they hit you and cause damage.

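The three posts above share one defensive workflow: indicators are published defanged (`hrposta-info[.]com`), organizations are told to block them and to run active domain monitoring, and SOC teams add them to detection. The following added example, which is not code from INFIGO IS, shows that pipeline end to end: it extracts the defanged domains from the posts' text, refangs them into a blocklist, runs constructed resolver log lines against that list, and also flags brand lookalikes that are not on the list yet, generalizing the advice from the specific domains to a reusable check. The DNS log lines, the brand tokens and the allowlist of legitimate domains (`posta.hr`, `gov.hr`) are this example's assumptions; replace the allowlist with your own.

```python
"""Turn defanged phishing domains into a blocklist, match DNS logs against it,
and flag lookalike registrations for active domain monitoring.

Added example; not code from INFIGO IS. The log lines, brand tokens and the
allowlist of legitimate domains are constructed assumptions.
"""
import re

DEFANGED_DOMAIN = re.compile(r"\b[A-Za-z0-9-]+(?:\[\.\][A-Za-z0-9-]+)+")
LOG_LINE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def refang(indicator: str) -> str:
    """'hrposta-info[.]com' -> 'hrposta-info.com' (lower-cased, no trailing dot)."""
    return indicator.replace("[.]", ".").lower().rstrip(".")


def defang(domain: str) -> str:
    """Make a domain safe to paste into a report: 'a.b' -> 'a[.]b'."""
    return domain.replace(".", "[.]")


def extract_defanged_domains(text: str) -> set:
    """Pull every 'x[.]y' indicator out of free text and refang it."""
    return {refang(m.group(0)) for m in DEFANGED_DOMAIN.finditer(text)}


def registrable_domain(fqdn: str) -> str:
    """Last two labels; production code would use the public suffix list (assumption)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def is_lookalike(fqdn: str, brand_tokens, allowlist) -> bool:
    """A name carrying a brand token that is not under a legitimate domain."""
    if registrable_domain(fqdn) in allowlist:
        return False
    stripped = fqdn.lower().replace("-", "").replace(".", "")
    return any(token in stripped for token in brand_tokens)


def match_dns_logs(log_lines, blocklist, brand_tokens, allowlist):
    """Return (client, query, reason) for queries that hit the blocklist or
    look like a brand impersonation not yet on the list."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        query = m.group("query").lower().rstrip(".")
        if registrable_domain(query) in blocklist:
            hits.append((m.group("client"), query, "blocklist"))
        elif is_lookalike(query, brand_tokens, allowlist):
            hits.append((m.group("client"), query, "lookalike"))
    return hits


# Indicators as they appear in the posts above (kept defanged in the text).
POST_TEXT = """Hrposta[.]sbs • postahr[.]com • hrvatska-posta-hr[.]com • hrvatska-posta[.]com
• postahr-info[.]com • hrpostal[.]com • hrposta-info[.]com • trackposta-hr[.]com
• hrposta-dostava[.]com • e-gradani[.]com • nias-gov[.]info"""
BLOCKLIST = extract_defanged_domains(POST_TEXT)

BRAND_TOKENS = ("posta", "gradani", "nias")
ALLOWLIST = {"posta.hr", "gov.hr"}   # assumed legitimate domains; use your own list

# Constructed resolver log lines (not real traffic).
SAMPLE_LOGS = [
    "2024-12-02T10:15:03Z client=10.0.0.5 query=hrposta-info.com. type=A",
    "2024-12-02T10:15:09Z client=10.0.0.7 query=www.posta.hr type=A",
    "2024-12-02T10:16:41Z client=10.0.0.9 query=login.nias-gov.info type=A",
    "2024-12-02T10:17:02Z client=10.0.0.3 query=hrposta-paket.xyz type=A",
    "2024-12-02T10:17:30Z client=10.0.0.4 query=example.com type=A",
]

if __name__ == "__main__":
    for client, query, reason in match_dns_logs(SAMPLE_LOGS, BLOCKLIST, BRAND_TOKENS, ALLOWLIST):
        print(f"{client} -> {defang(query)} [{reason}]")
```

The blocklist match catches subdomains of listed names (`login.nias-gov.info`) by comparing the registrable domain, and the lookalike branch is what turns a one-off list into monitoring: a newly registered name carrying a brand token outside the allowlist is worth a ticket even before any reputation service flags it, which matches the posts' observation that several of the domains were still rated "clean".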
  • INFIGO IS reposted this

    Bojan Zdrnja, Chief Technology Officer at INFIGO IS

    The majority of #red #team engagements that we have been performing lately are assume-breach scenarios, where we are usually given access as a regular non-privileged domain user, and our implant gets executed in the target environment. In such a scenario, the next steps usually include reconnaissance, privilege escalation and lateral movement. There is a very nice mechanism that Benjamin Delpy (famous Mimikatz/Kekeo author) published some time ago that abuses Kerberos service ticket retrieval for a service that has unconstrained delegation. This allows an attacker to fetch the logged-in user's TGT, which can then be used further. Well, thanks to Credential Guard, it did not work in one of our tests, so I wrote a SANS Internet Storm Center diary with some (I hope interesting) details of why this did not work. The diary is available at https://lnkd.in/deg4XwMM. And if you want us to test your networks, either in a penetration test or red team scenario, let us know! #redteam #penetrationtesting #kerberos #delegation #tgt #sans

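The mechanism Bojan refers to only works against services configured for unconstrained delegation, and the mitigation he ran into (Credential Guard) is one of several; the others are directory hygiene: no member server or service account should be trusted for unconstrained delegation, and privileged accounts should be marked "sensitive and cannot be delegated". The following added example, not code from the post, from SANS or from INFIGO IS, audits both conditions by decoding `userAccountControl` bits on constructed records shaped like the output of an LDAP query for `sAMAccountName` and `userAccountControl`; the account names, values and the set of privileged accounts are constructed assumptions, the flag constants are the documented Microsoft values.

```python
"""Audit Active Directory accounts for unconstrained delegation and for
privileged accounts that are still delegatable.

Added example; not code from the post or from INFIGO IS. The records below
are constructed, in the shape an LDAP query for sAMAccountName and
userAccountControl would return; they are not real directory data.
"""

# userAccountControl bits (documented Microsoft values).
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000   # member computer account
UF_SERVER_TRUST_ACCOUNT = 0x2000        # domain controller computer account
UF_TRUSTED_FOR_DELEGATION = 0x80000     # unconstrained delegation
UF_NOT_DELEGATED = 0x100000             # "account is sensitive and cannot be delegated"


def has_flag(uac: int, flag: int) -> bool:
    """True when every bit of `flag` is set in `uac`."""
    return uac & flag == flag


def audit_delegation(records, privileged_names):
    """Return findings a defender would act on:
    - non-DC accounts trusted for unconstrained delegation (DCs legitimately are);
    - privileged accounts not marked sensitive, whose TGT a delegating host could forward."""
    unconstrained_non_dc = []
    privileged_delegatable = []
    for rec in records:
        name = rec["sAMAccountName"]
        uac = int(rec["userAccountControl"])
        if has_flag(uac, UF_TRUSTED_FOR_DELEGATION) and not has_flag(uac, UF_SERVER_TRUST_ACCOUNT):
            unconstrained_non_dc.append(name)
        if name in privileged_names and not has_flag(uac, UF_NOT_DELEGATED):
            privileged_delegatable.append(name)
    return {"unconstrained_non_dc": sorted(unconstrained_non_dc),
            "privileged_delegatable": sorted(privileged_delegatable)}


# Constructed sample directory records (not real data).
RECORDS = [
    {"sAMAccountName": "DC01$",      "userAccountControl": 0x82000},   # DC: delegation is expected
    {"sAMAccountName": "WEB01$",     "userAccountControl": 0x81000},   # member server, unconstrained
    {"sAMAccountName": "WS042$",     "userAccountControl": 0x1000},    # plain workstation
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x80200},   # user account, unconstrained
    {"sAMAccountName": "adm_alice",  "userAccountControl": 0x200},     # admin, still delegatable
    {"sAMAccountName": "adm_bob",    "userAccountControl": 0x100200},  # admin, marked sensitive
]
PRIVILEGED = {"adm_alice", "adm_bob"}   # constructed list of privileged accounts

if __name__ == "__main__":
    print(audit_delegation(RECORDS, PRIVILEGED))
```

Both findings map directly onto the post: a host in `unconstrained_non_dc` is exactly the kind of service the described ticket-retrieval trick needs, and an account in `privileged_delegatable` is one whose TGT would be worth forwarding. Fixing the first list (switch to constrained or resource-based delegation) removes the precondition; fixing the second (set the sensitive flag or use Protected Users) limits the damage even where Credential Guard is not deployed.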
