cybersecurity
education
€ EUR
  • $ USD
  • € EUR

CQURE Hacks #79: Azure Storage Misconfiguration in Practice From Public Blob to Key Vault Access

Starting with a simple inspection of a web application, we uncover an exposed Azure Blob Storage container with anonymous listing enabled. From there, we demonstrate how attackers can enumerate additional containers, discover sensitive internal information, and take advantage of blob versioning to recover deleted credential files. The attack escalates quickly – by retrieving an old […]

CQURE Hacks #80: Detecting DDoS Attacks in Real Time with KQL & Azure Data Explorer

DDoS (Distributed Denial of Service) attacks remain one of the most common and disruptive cyber threats today. Instead of focusing on theory, this video walks you through realistic network data and shows how to identify attack patterns using powerful, real-time analytics. What you’ll learn: 1. How to detect SYN flood attacks using connection timeouts and […]

CQURE Hacks #78: 3 Advanced KQL Queries for Faster Security Analysis

Traditional SOC workflows are slow, relying on manual log reviews and reactive alerting that often leaves you one step behind. When malware hides in encrypted payloads or fileless scripts, standard signatures simply aren’t enough. In this episode, we move beyond basic searches to implement three powerful queries designed to speed up your analysis: 1. Behavioral […]

CQURE Hacks #77: From SQL Login to Full System Compromise

Starting from an exposed SQL Server instance, we demonstrate how weak credentials can be exploited to gain access using a brute-force attack. Once authenticated as the powerful sa account, the attack quickly escalates beyond the database. We show how an attacker can: This episode highlights how small security gaps — like weak passwords and excessive […]

CQURE Hacks #76: Evading EDR Using Signed Driver

Setting up an EDR is a good first step, but simply having it installed doesn’t mean you’re protected. Many organizations rely on default settings, assuming the tools handle everything automatically.  However, modern attackers know exactly how to work around those standard configurations. If your endpoints are invisible to your security team, or if your protection rules aren’t tuned to your specific environment, you’re leaving gaps […]

CQURE Hacks #75: NTFS Forensics – Recovering Deleted Files and Analyzing MFT Records

When you remove a file in Windows, the operating system marks the space as available, but the data often stays behind. By using Sleuthkit’s fls tool and MFTECmd, we can bypass the GUI to read the Master File Table directly.  This allows us to see deleted entries and even track the source URL via the Zone.Identifier stream. One of the most critical findings […]

CQURE Hacks #74: Microsoft SQL Server Privilege Escalation

We’re diving into a classic but devastatingly effective exploit path. Many organizations leave their SQL Servers vulnerable through a combination of three simple misconfigurations: a database set to “trustworthy,” an owner with sysadmin rights (like SA), and a low-privilege user with db_owner permissions. By abusing these settings, an attacker can create a stored procedure that […]

CQURE Hacks #73: Using a Malicious LNK File to Take Over Infrastructure (LNK Relay)

The scenario is straightforward: a regular domain user has WRITE permissions on a shared folder. That’s enough to plant a malicious .lnk file pointing to an attacker-controlled SMB server. The moment another user browses that share in File Explorer, the system attempts authentication automatically – and the NETNTLMv2 response is captured. From there, the path […]

CQURE Hacks #72: KQL Threat Hunting – One Query, Three Hunts

In active-duty security, time is your most valuable asset. Most hunters struggle because they try to write a brand-new query for every single alert. This creates a messy library of code that is hard to manage. Kajetan, one of our frontline experts, shows you how to use one “Base Query” as a launchpad for three […]

How can we help you?

Suggested searches

    Search history

      Popular searches:

      Not sure what course to look for?

      Mobile Newsletter Form