Skip to navigation Skip to main content Skip to footer

Research Blog

Insights and research from our global cybersecurity team.

Filter content

Reset filters

Reverse engineering and decrypting CyberArk vault credential files

Author: Jelle Vergeer This blog will be a technical deep-dive into CyberArk credential files and how the credentials stored in these files are encrypted and decrypted. I discovered it was possible to reverse engineer the encryption and key generation algorithms and decrypt the encrypted vault password. I also provide a python implementation to decrypt the […]


Decrypting OpenSSH sessions for fun and profit

Author: Jelle Vergeer Introduction A while ago we had a forensics case in which a Linux server was compromised and a modified OpenSSH binary was loaded into the memory of a webserver. The modified OpenSSH binary was used as a backdoor to the system for the attackers. The customer had pcaps and a hypervisor snapshot […]


StreamDivert: Relaying (specific) network connections

Author: Jelle Vergeer The first part of this blog will be the story of how this tool found it’s way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About […]