CQURE Hacks #79: Azure Storage Misconfiguration in Practice From Public Blob to Key Vault Access
Starting with a simple inspection of a web application, we uncover an exposed Azure Blob Storage container with anonymous listing enabled. From there, we demonstrate how attackers can enumerate additional containers, discover sensitive internal information, and take advantage of blob versioning to recover deleted credential files. The attack escalates quickly – by retrieving an old […]
CQURE Hacks #81: The Ultimate KQL Query Toolkit for Threat Hunters and Security Analysts
I’m going to show you eight essential queries that cover everything from daily baselining to advanced threat hunting. For each query, I’ll explain what it does, when to run it, and why it matters. Let’s jump right in.” QUERY 1: Baseline Traffic Overview First up – the morning routine. This daily traffic overview is what […]
CQURE Hacks #80: Detecting DDoS Attacks in Real Time with KQL & Azure Data Explorer
DDoS (Distributed Denial of Service) attacks remain one of the most common and disruptive cyber threats today. Instead of focusing on theory, this video walks you through realistic network data and shows how to identify attack patterns using powerful, real-time analytics. What you’ll learn: 1. How to detect SYN flood attacks using connection timeouts and […]
CQURE Hacks #78: 3 Advanced KQL Queries for Faster Security Analysis
Traditional SOC workflows are slow, relying on manual log reviews and reactive alerting that often leaves you one step behind. When malware hides in encrypted payloads or fileless scripts, standard signatures simply aren’t enough. In this episode, we move beyond basic searches to implement three powerful queries designed to speed up your analysis: 1. Behavioral […]
CQURE Hacks #77: From SQL Login to Full System Compromise
Starting from an exposed SQL Server instance, we demonstrate how weak credentials can be exploited to gain access using a brute-force attack. Once authenticated as the powerful sa account, the attack quickly escalates beyond the database. We show how an attacker can: This episode highlights how small security gaps — like weak passwords and excessive […]
CQURE Hacks #76: Evading EDR Using Signed Driver
Setting up an EDR is a good first step, but simply having it installed doesn’t mean you’re protected. Many organizations rely on default settings, assuming the tools handle everything automatically. However, modern attackers know exactly how to work around those standard configurations. If your endpoints are invisible to your security team, or if your protection rules aren’t tuned to your specific environment, you’re leaving gaps […]
CQURE Hacks #75: NTFS Forensics – Recovering Deleted Files and Analyzing MFT Records
When you remove a file in Windows, the operating system marks the space as available, but the data often stays behind. By using Sleuthkit’s fls tool and MFTECmd, we can bypass the GUI to read the Master File Table directly. This allows us to see deleted entries and even track the source URL via the Zone.Identifier stream. One of the most critical findings […]
CQURE Hacks #74: Microsoft SQL Server Privilege Escalation
We’re diving into a classic but devastatingly effective exploit path. Many organizations leave their SQL Servers vulnerable through a combination of three simple misconfigurations: a database set to “trustworthy,” an owner with sysadmin rights (like SA), and a low-privilege user with db_owner permissions. By abusing these settings, an attacker can create a stored procedure that […]
CQURE Hacks #73: Using a Malicious LNK File to Take Over Infrastructure (LNK Relay)
The scenario is straightforward: a regular domain user has WRITE permissions on a shared folder. That’s enough to plant a malicious .lnk file pointing to an attacker-controlled SMB server. The moment another user browses that share in File Explorer, the system attempts authentication automatically – and the NETNTLMv2 response is captured. From there, the path […]
CQURE Hacks #72: KQL Threat Hunting – One Query, Three Hunts
In active-duty security, time is your most valuable asset. Most hunters struggle because they try to write a brand-new query for every single alert. This creates a messy library of code that is hard to manage. Kajetan, one of our frontline experts, shows you how to use one “Base Query” as a launchpad for three […]