C1BAS Blog

C1BAS Blog https://www.c1bas.com/blog Threat research and cybersecurity writing from the C1BAS team. en-us Wed, 03 Jun 2026 00:00:00 GMT Tracking a Suspected SilverFox APT Operation https://www.c1bas.com/blog/silverfox-apt-valleyrat-python-infostealer https://www.c1bas.com/blog/silverfox-apt-valleyrat-python-infostealer Wed, 03 Jun 2026 00:00:00 GMT WhatsApp-delivered ZIP archive, DLL-sideloaded via signed Tencent binaries, deploying ValleyRAT and a Cython-compiled Python RAT. Inside the SilverFox chain. Threat Research How a Routine External Pentest Uncovered an 18-Month Active Compromise on Day One https://www.c1bas.com/blog/how-a-routine-external-pentesting-uncovered-an-18-month-active-compromise-on-day-one https://www.c1bas.com/blog/how-a-routine-external-pentesting-uncovered-an-18-month-active-compromise-on-day-one Sat, 29 Nov 2025 00:00:00 GMT Routine external pentest discovered SocGholish, multiple Russian backdoors, and a SystemBC RAT actively running on a client's public website for 18 months. Threat Research Zivver Phishing: How Real Secure Messages Deliver Fake Logins https://www.c1bas.com/blog/zivver-phishing-how-real-secure-messages-deliver-fake-logins https://www.c1bas.com/blog/zivver-phishing-how-real-secure-messages-deliver-fake-logins Tue, 25 Nov 2025 00:00:00 GMT Attackers used a real Zivver secure message to deliver a hidden phishing link, harvesting an M365 mailbox in under five minutes despite real-time SOC alerts. Threat Research Mapping Hidden Containers in Azure Cloud Shell: A Case Study in Responsible Disclosure https://www.c1bas.com/blog/mapping-hidden-containers-in-azure-cloud-shell-a-case-study-in-responsible-disclosure https://www.c1bas.com/blog/mapping-hidden-containers-in-azure-cloud-shell-a-case-study-in-responsible-disclosure Wed, 11 Jun 2025 00:00:00 GMT An Azure Cloud Shell information-disclosure vulnerability that turned a /download API into a file-existence oracle, plus reflections on Microsoft's response. Vulnerability Research Breaking Down CVE-2024-30103 and More: Insights from BlueHat 2024 on Microsoft Outlook RCE https://www.c1bas.com/blog/breaking-down-cve-2024-30103-more-insights-from-bluehat-2024 https://www.c1bas.com/blog/breaking-down-cve-2024-30103-more-insights-from-bluehat-2024 Tue, 19 Nov 2024 00:00:00 GMT Notes from Michael Gorelik's BlueHat 2024 talk on Microsoft Outlook RCE vulnerabilities including CVE-2024-30103 and the patch landscape that followed. Vulnerability Research Understanding Pentesting vs. Cyber Risk Assessment https://www.c1bas.com/blog/understanding-pentesting-vs-cyber-risk-assessment https://www.c1bas.com/blog/understanding-pentesting-vs-cyber-risk-assessment Fri, 18 Oct 2024 00:00:00 GMT Why penetration testing alone doesn't equal a security program, and how a real cyber risk assessment evaluates the bigger attack surface in business context. Cybersecurity Insights