Core of Tech Archieven - Page 2 of 2

How to develop secure software

Secure software development frameworks and methodologies have been around for 20 years. Yet, despite many companies committing to them, we still have vulnerable software that enables devastating cyberattacks. Therefore, many organizations question the value of secure software development processes and do not know how to organize their software development to be secure-by-design. In this talk, […]

Hackers don’t break in, they log in

In 2025, the biggest threat to your organization may already be inside — not through an elaborate breach, but through a legitimate login. Infostealer malware has surged across the cybercrime landscape, quietly harvesting credentials from unsuspecting victims and feeding a booming underground market. This trend poses a serious and often underestimated risk to all kinds […]

From large scale data collection to timelining events.

In recent years, Fox-IT has observed a significant evolution in the field of Incident Response (IR). With the scale of incidents increasing, our engagements now frequently involve managing not just a few systems but handling over a thousand. This increase in scale has necessitated refining our approach to seamlessly integrate diverse data sources, manage a […]

From Lab to Field: Hansken Dev Joins Cyber Team

Team Cybercrime Rotterdam (TCC Rotterdam) recently dismantled a facilitator network behind large scale helpdesk fraud. The operation offers a rare inside look at how modern digital evidence techniques reconstruct a criminal modus operandi—and how Digital Forensics as a Service (DFaaS) accelerates that process. Facilitators supplied everything the callers needed: phishing portals, victim lead lists, VOIP […]

From Comments With Love

At the request of the Dutch public broadcasting company NOS, two experts of DataExpert and Infoblox investigated a wave of spammy, sexualized GIF comments on Instagram. They uncovered a coordinated campaign tied to an affiliate of the cybercriminal network VexTrio. These seemingly harmless GIFs were designed to lure users towards malicious websites, with traffic routed […]

Elevate Your API Testing Game: WuppieFuzz in Action

With many businesses depending on communications between digital services, well-specified application programming interfaces (APIs) are used to facilitate this. However, as these APIs form a point of entry to critical applications, they are an attractive target for malicious actors. Therefore, thorough testing of these APIs is desired. With the growing number of APIs available for […]

Anyone Can Launch a DDoS: Gorilla botnet & DDoS-for-Hire

DDoS-for-hire services have plagued the Internet for years, and recently the “Gorilla botnet” gained notoriety for performing a large number of high-profile DDoS attacks, some of which were targeted at large Dutch organizations. In this talk we share insights of our ongoing investigations in DDoS-for-hire networks at the Delft University of Technology (TU Delft), and […]