Guardicore Labs

Guardicore Labs is a global research team consisting of hackers, cybersecurity researchers and industry experts. We publish our cybersecurity research and provide analysis, insights and response methodologies for the latest cyber threats, and we lead and participate in academic research. We are also the core maintainers of the Infection Monkey, a popular open-source network resiliency test tool.


The Next Gen Infection Monkey is Here

We are pleased to announce a new version of our Infection Monkey open-source attack simulation tool with several significant enhancements. We first introduced the Infection Monkey in 2016 and have continuously developed and supported it. Part of what we did came from feedback we received from our community, so thanks, everyone, for contributing!


Beware the Hex-Men

In the last few months, Guardicore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and mostly target servers running database services. So far we have been able to identify three attack variants – Hex, Hanako and Taylor – targeting different SQL Servers, each with its own goals, scale and target services. This report covers the attackers’ infrastructure, the attack variants and how the victims are used for both profit and further propagation.


Highlights from Black Hat & DEFCON

I spent the last week at the “Hacker Summer Camp” of Black Hat and DEFCON. Besides meeting people and enjoying the dual craziness of the DEFCON crowd and the Black Hat business hall, we also gave a well-received lecture – Escalating Insider Threats using VMware’s API. Ofri Ziv, Head of Guardicore Labs, presented a backdoor we discovered in VMware’s remote administration API, enabling vSphere users to quickly and easily take over guest machines without providing guest credentials.
