Category: Uncategorized

  • Blog
  • Category: Uncategorized

How I found a CVE in a 4 milion (!) active users of WordFence

I just registered my first CVE. Here is the background story. One of our goals at OP Innovate is to protect our clients and partners at all times. During a recent penetration testing engagement, the testing scope included a WordPress website. So I decided to channel some effort into WordPress plugins where a vulnerability could

Read More

Under the hood of a Smishing campaign

Earlier today our OP Innovate research team received yet another Smishing attempt asking them to provide credit card details.  The SMS looks like a legitimate message from the Israeli post offices and even contains a correctly formatted tracking number: החבילה שלך: RU0041902037Z‌ מוכן לאיסוף, אנא לחץ על הקישור והשלם את התשלום: https://2u.pw/MT5To The message requests

Read More
The Art of the Red Team

The Art of the Red Team

This article pulls together some of the tactics and techniques used by OP Innovate researchers during a red team exercise. Please note, tools, tactics and techniques are described below for educational purposes only! What is Red Teaming During a red team/blue team cybersecurity simulation, the red team mimics the role of the adversary, attempting to

Read More
Email-based attacks in the COVID-19 era

Email-based attacks in the COVID-19 era

Since life in the shadow of the Covid-19 pandemic became “new normal”, we at OP Innovate have seen an excess of business email compromises (BEC) incidents. As the pandemic played out across the globe, workers got vaxxed and IT departments got used to this “new normal”, we genuinely hoped we’d see a drop in this

Read More

N3tw0rm IOCs

Updated: 15:00 GMT 09/05/21 A new ransomware attack group called N3tw0rm is claiming to have penetrated the network of several Israeli companies included Veritas, an international shipping and logistics company, Ecolog, an infrastructure engineering company, and Israel’s branch of clothing retailer H&M. In a departure from previous behaviour, a source familiar with the matter stated

Read More
Under Cyber Attack? Click Here