Skip to content

Finding Microsoft Exchange Servers on your network

GTSC, a Vietnamese security firm, recently discovered two zero-day vulnerabilities that affect Microsoft Exchange Server 2013, 2016, and 2019. These two vulnerabilities are being tracked as CVE-2022-41040 and CVE-2022-41082. According to Microsoft, they are aware of “limited targeted attacks using the two vulnerabilities to get into users’ systems.” In order for attackers to successfully exploit the vulnerabilities, they must have authenticated access to the vulnerable Microsoft Exchange Server.

What is the impact?

The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability. The second vulnerability, CVE-2022-41082, allows remote code execution (RCE) when the attacker has access to PowerShell. According to GTSC, it appears that attackers can exploit the vulnerabilities to place webshells on exploited systems and set the stage for post-exploitation activities.

Are updates available?

As of September 30, 2022, both CVEs have not been patched, but Microsoft has indicated they are actively working on an accelerated timeline to issue a fix. According to their guidance, Microsoft Exchange Online Customers do not need to take any action. However, on-premises Microsoft Exchange customers should review and apply Microsoft’s mitigation steps on URL Rewrite Instructions and block exposed Remote PowerShell ports.

How do I find Microsoft Exchange Servers with runZero?

To get started, you can scan your network with runZero to collect your asset inventory. Then, from the Asset Inventory, use the following query to locate Microsoft Exchange Servers on your network:

product:"exchange server"

Check out our Queries Library for other useful inventory queries.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Lazarus targets aerospace company in the Netherlands and political journalist in Belgium to steal data

  • These Lazarus campaigns targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium.
  • The campaigns used malicious Amazon-themed documents, and the primary goal was data exfiltration.
  • A tool used in this campaign presents the first recorded abuse of the CVE-2021-21551 vulnerability. This vulnerability affects Dell DBUtil drivers; Dell provided a security update in May 2021.
  • This tool, in combination with the vulnerability, disables the monitoring of all security solutions on compromised machines. The existence of such a tool should be a warning to developers of security products to improve the self-protection of their software.
  • The complexity of the attack indicates that Lazarus consists of a large team that is systematically organized and excellently prepared.

BRATISLAVA, PRAGUE, September 30, 2022 — ESET researchers uncovered and analyzed a set of malicious tools that were used by the infamous Lazarus APT group in attacks during the end of 2021. The campaign started with spear phishing emails containing malicious Amazon-themed documents, and it targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. The primary goal of the attackers was data exfiltration.  

Both victims were presented with job offers: The employee in the Netherlands received an attachment via LinkedIn Messaging, and the journalist in Belgium received a document via email. The attacks started after these documents were opened. The attackers deployed several malicious tools on the system, including droppers, loaders, fully featured HTTP(S) backdoors, and HTTP(S) uploaders.  

The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver. This vulnerability affects Dell DBUtil drivers; Dell provided a security update in May 2021. This is the first ever recorded abuse of this vulnerability in the wild.  

“The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing, etc., basically blinding security solutions in a very generic and robust way,” explains ESET researcher Peter Kálnai, who discovered the campaign. “It was not just done in kernel space, but also in a robust way, using a series of little- or undocumented Windows internals. Undoubtedly this required deep research, development, and testing skills,” he adds.

Lazarus also used a fully featured HTTP(S) backdoor known as BLINDINGCAN. ESET believes this remote access trojan (RAT) has a complex server-side controller with a user-friendly interface through which the operator can control and explore compromised systems.

In the Netherlands, the attack affected a Windows 10 computer connected to the corporate network, where an employee was contacted via LinkedIn Messaging about a potential new job, resulting in an email with a document attachment being sent. The Word file Amzon_Netherlands.docx sent to the victim is merely an outline document with an Amazon logo. ESET researchers were unable to acquire the remote template, but they assume that it may have contained a job offer for the Amazon space program Project Kuiper. This is a method that Lazarus practiced in the Operation In(ter)ception and Operation DreamJob campaigns targeting aerospace and defense industries.  

Based on the number of command codes that are available to the operator, it is likely that a server-side controller is available where the operator can control and explore compromised systems. The more than two dozen commands available include downloading, uploading, rewriting, and deleting files, and taking screenshots.

“In this attack, as well as in many others attributed to Lazarus, we saw that many tools were distributed even on a single targeted endpoint in a network of interest. Without a doubt, the team behind the attack is quite large, systematically organized, and excellently prepared,” says Kálnai.

ESET Research attributes these attacks to Lazarus with high confidence. The diversity, number, and eccentricity in implementation of Lazarus campaigns define this group, as well as that it performs all three pillars of cybercriminal activities: cyberespionage, cybersabotage, and pursuit of financial gain. Lazarus (also known as HIDDEN COBRA) has been active since at least 2009. It is responsible for several high-profile incidents.

This research is presented at this year’s Virus Bulletin conference. Detailed information is available in the whitepaper “Lazarus & BYOVD: Evil to the Windows core.”

For more technical information about the latest Lazarus attack, check out the blog post “Amazon-themed campaigns of Lazarus in the Netherlands and Belgium” on WeLiveSecurity.

Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET launches dedicated XDR security solutions for Managed Service Providers to protect their customers’ digital journeys

Bratislava, September 29th, 2022 ESET, a global leader in digital security, has announced the launch of its award-winning B2B solutions for Managed Service Providers (MSPs). Based in the heart of the European Union, ESET has been protecting their MSP partners across the globe since 2014, offering a dedicated MSP program. This launch represents a step forward in expanding the offering with XDR solutions, ESET Inspect and ESET Inspect Cloud -currently available to ESET’s enterprise business customers– which will be accessible via ESET’s MSP Administrator platform as used by current MSP partners.

ESET has been researching the cyber threat landscape and innovating digital security technology for decades and the new offering has been designed with both its customers and partners in mind. A combination of ESET’s long-standing use of machine learning and AI based technologies, its cloud reputation system called ESET LiveGrid, and the human expertise offered by the company’s tightly knit global community, powers the world’s most formidable multi-layered cyber threat prevention, detection and response technology – the ESET PROTECT platform powered by ESET LiveSense.

The new offering will allow current and prospective MSP customers access to a simplified and unified digital security platform, with MSP-optimized solutions which are easy to use, help minimize their daily operations, and allow MSPs to provide top-rated security to help solidify their own customers’ trust. This is accomplished without compromising efficiency on behalf of quality, because the new platform integrates balanced breach prevention, detection and response capabilities, and comprehensive threat intelligence. It is modular, adaptable, and continuously innovated with each system upgrade.

ESET’s solution is flexible and scalable in design, future-proofing the MSPs’ business model and helping clear security engineers’ overflowing helpdesk. In terms of making life easier for MSPs, ESET offers a flexible, self-service, zero-commitment billing model which keeps the pressure off and allows their MSP partners to ‘pay as they go’ monthly and for the subscriptions they actually need.

“At the very heart of ESET’s award-winning technology, we feel its paramount to protect progress – but not only ours and more significantly, the progress of our MSP partners. ESET allows MSPs to focus on what really matters, their own business and customers. In our minds, ESET and MSPs simply go together: superior protection of customers, flexible and easy to use product, and a business model tailored to MSP needs,” said Michal Jankech, VP for the MSP and SMB segment at ESET.

To read more about the offering, click here.

To find out more about what is XDR and why we need it in our cyber security lives, click here.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET launches dedicated XDR security solutions for Managed Service Providers to protect their customers’ digital journeys

Bratislava, September 29th, 2022 ESET, a global leader in digital security, has announced the launch of its award-winning B2B solutions for Managed Service Providers (MSPs). Based in the heart of the European Union, ESET has been protecting their MSP partners across the globe since 2014, offering a dedicated MSP program. This launch represents a step forward in expanding the offering with XDR solutions, ESET Inspect and ESET Inspect Cloud -currently available to ESET’s enterprise business customers– which will be accessible via ESET’s MSP Administrator platform as used by current MSP partners.

ESET has been researching the cyber threat landscape and innovating digital security technology for decades and the new offering has been designed with both its customers and partners in mind. A combination of ESET’s long-standing use of machine learning and AI based technologies, its cloud reputation system called ESET LiveGrid, and the human expertise offered by the company’s tightly knit global community, powers the world’s most formidable multi-layered cyber threat prevention, detection and response technology – the ESET PROTECT platform powered by ESET LiveSense.

The new offering will allow current and prospective MSP customers access to a simplified and unified digital security platform, with MSP-optimized solutions which are easy to use, help minimize their daily operations, and allow MSPs to provide top-rated security to help solidify their own customers’ trust. This is accomplished without compromising efficiency on behalf of quality, because the new platform integrates balanced breach prevention, detection and response capabilities, and comprehensive threat intelligence. It is modular, adaptable, and continuously innovated with each system upgrade.

ESET’s solution is flexible and scalable in design, future-proofing the MSPs’ business model and helping clear security engineers’ overflowing helpdesk. In terms of making life easier for MSPs, ESET offers a flexible, self-service, zero-commitment billing model which keeps the pressure off and allows their MSP partners to ‘pay as they go’ monthly and for the subscriptions they actually need.

“At the very heart of ESET’s award-winning technology, we feel its paramount to protect progress – but not only ours and more significantly, the progress of our MSP partners. ESET allows MSPs to focus on what really matters, their own business and customers. In our minds, ESET and MSPs simply go together: superior protection of customers, flexible and easy to use product, and a business model tailored to MSP needs,” said Michal Jankech, VP for the MSP and SMB segment at ESET.

To read more about the offering, click here.

To find out more about what is XDR and why we need it in our cyber security lives, click here.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Intro to Windows (Win32) API

Since I talked about how to enumerate Windows-based systems – a step you will have during an engagement, it is only natural to expand more on the topic (Windows, not enumeration, at least for now).

You might have successfully enumerated, exploited, established persistence, and maybe even exfiltrated data… but there’s much more to it, and a lot of stuff comes into play. In the upcoming articles, I will cherry-pick the stuff that is most interesting to me, but I will also try to provide you with a general overview so that you can more easily structure and map out the stuff I’ve been talking about.

This one is geared more towards red team type of activity, as the knowledge of the Windows API can be leveraged when you care about evasion e.g., as a red teamer (of course, it’s not only about evasion…); something a pentester usually doesn’t have to worry about. Just keep that distinction in the back of your mind.

However, in the case of red team engagements, since the emulation of an adversary is essential, you will see stuff that usually doesn’t get included in your pentests or vulnerability assessments. Phishing is permitted (out of scope in most of the pentests) and is usually something red teams will opt for (gotta keep that stuff realistic, right?); evasion is also vital since an adversary will try to stay on your corporate network as long as it is possible for them. It’s also kinda in the name; you are in the role of the red team, and the evasion pertains to throwing the blue team off your tracks. This is quite different and very interesting for us here, as it opens a plethora of new options you will think about and probably use during the engagement.

Terms like living off the land, phishing, bypassing UAC, bypassing AVs, C2, etc. all come into play! And more. Much more. This is terrifyingly fun, and even though the Windows API might not be the most attractive topic of the bunch here, its important to have a firm grasp on the stuff you’re abusing, and I wanted to give you just a brief overview of how one would abuse the system calls for their nefarious purpose.

Red teams will regularly abuse the Windows API to hide and evade the blue team, in the same way, they’ll use shellcode to evade AVs, or use the LOL (living off the land) methodology, and much more (evade runtime detection, logging and monitoring, generally employing tool agnostic approach in this endeavor).

Okay! So that’s a bit more of an intro, but I wanted to level with you here and set some expectations while also (hopefully) making the upcoming articles (as well as this one and the previous one) more sensible in the grand scheme of things.

The Windows (Win32) API

The first distinction to be aware of here is that Windows has two main modes through which it accesses hardware, the kernel, and the user mode. This goes back to the release of the Win32 API which is a library that’s used to interface between the user applications and the kernel.

The API here calls the interfaces and sends the info to the system which is then processed in the kernel mode. These two modes are essential because they determine how much access a driver or an application gets – kernel, memory, or hardware access. Also, note that with some languages and their interaction with the Win32 API, the application can go through the runtime first before going through the API.

The Win32 API breakdown can be briefly described as follows:

  • In/out parameters – these are the values that call structures define

  • API calls -this is the API called that’s used, with addresses to functions that are coming from the pointers

  • Call structures – this is what defines the API call and its parameters

  • DLLs – these are the DLLs for the Win32 API, we have core DLLs – KERNEL32, USER32, ADVAPI32, and other DLLs that are a part of the API like NTDLL, COM, NETAPI32, etc.

  • Headers – these are the libraries that get imported at runtime, they are defined through the header files or imports, function addresses are obtained through pointers

Since every API call of the Win32 library lives in memory and requires a pointer to a memory address the way you get those pointers for the needed functions is obscured because of the Address Space Layout Randomization – ASLR implementations. This is for security reasons as you guessed it. 

If an attacker can discover where a DLL is loaded in any process, the attacker knows where it is loaded in all processes. Which is a quote from Mandiant’s blog post about the ASLR. From the same blog post – A low-privileged account can be used to overcome ASLR as the first step of a privilege escalation exploit.

This is also why Microsoft implemented the Windows Header File.

From Wikipedia:

windows.h is a Windows-specific header file for the C and C++ programming languages which contains declarations for all of the functions in the Windows API, all the common macros used by Windows programmers, and all the data types used by the various functions and subsystems. It defines a very large number of Windows specific functions that can be used in C.

Basically, any Win32 function can be called once you’ve included the windows.h or the Windows Header File.

Another important implementation is the P/Invoke, which allows you to access structs, callbacks, and functions in unmanaged libraries from your managed code. Most of the P/Invoke API is contained in two namespaces: System and System.Runtime.InteropServices. Using these two namespaces gives you the tools to describe how you want to communicate with the native component.

What P/Invoke does is give you a way to do the complete process of calling the Win32 API. You can then invoke the function as a managed method you created even though you’re calling an unmanaged function.

The structure of the API calls is well documented by Microsoft but you can also check out the pinvoke.net: the interop wiki! for more information.

Every API call has a pre-defined structure for its input/output parameters. For example the VirtualProtect function – memoryapi.h it looks something like this:

BOOL VirtualProtect(
 
  [in] LPVOID lpAddress,
 
  [in] SIZE_T dwSize,
 
  [in] DWORD flNewProtect,
 
  [out] PDWORD lpflOldProtect
);

For the parameters expected i/o and accepted values, Microsoft has the explanation within the docs.

Lastly, I will list some API calls that are known for their possible malicious use. Also, MalAPI.io tries to document these, so it might be worth checking out.

VirtualProtect – Changes the protection on a region of committed pages in the virtual address space of the calling process.

GetProcAddress – Retrieves the address of an exported function (also known as a procedure) or variable from the specified dynamic-link library (DLL).

GetComputerNameA – Retrieves the NetBIOS name of the local computer. This name is established at system startup, when the system reads it from the registry.

GetModuleFileNameA – Retrieves the fully qualified path for the file that contains the specified module. The module must have been loaded by the current process.

GetAdaptersInfo – The GetAdaptersInfo function retrieves adapter information for the local computer.

RegisterHotKey – Defines a system-wide hot key. Also, MalAPI says: RegisterHotKey is used to create a system wide hotkey. This function is commonly used by spyware or keyloggers to recieve a notification when a certain combination of keys are pressed.

Conclusion (for now)

I’ve just given a very brief overview here since the whole of the Win32 API is much larger. But for our purpose here, it should suffice. The main point I wanted to get across is for you to realize the potential options you might have with this and be aware of how some threat actors might leverage those system functions that are basically inseparable from the system itself.

A fun practice might be to check out what MITRE ATT&CK has documented on Native APIs and check out the Windows API calls known to be used for malicious purposes.

Cover image by Clint Adair

#win32 #API #windows

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

SafeDNS is a NAPPA Award winner

NAPPAA, which for over 32 years has been ensuring that parents purchase the highest quality products that help them connect and enjoy time with their families, highlighted SafeDNS as the best in the industry.

“This site offers many choices and can be set up on every device or just the child’s device. There are so many ways to use this program and what I really like is that it can be used to protect the elderly from becoming victims of fraud.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

GREYCORTEX Mendel 3.9.1. Now Available

September 20, 2022 – We have released GREYCORTEX Mendel 3.9.1 which brings minor improvements and bug fixes.

Enhancements

Event visibility level store its configuration on the user level (keep the last state before logout)

Improved performance and reliability for Failsafe mode

Improved subnet filtering by substring search in filter

Fixed issues with

  • Performance in the network capture module
  • Invalid license during Sensor&Collector upgrade
  • Default firewall configuration for an asset discovery tool
  • Checkpoint firewall rule policies
  • Detecting TOR traffic by IDS signatures
  • Resizing LVM storage on AWS
  • Two or more DNS servers on the management interface
  • Empty subnet graph for subnets filtered by tag(s)
  • User permissions
  • SSL configuration for Fortigate firewall plugin
  • Invalid CSV header in subnet import
  • Malformed input for network parsers
     

CYBER DEFENSE FOR BUSINESS: MAPPING PAIN AREAS AND SECURING THEM

Test execution is the process of running tests to verify a specific functionality in a system. It’s a great way for us to find bugs in our applications, but over time we realized that we needed to improve the speed and efficiency of our test  execution method. Here’s how we did it.

The story so far
After four years of automated test development, we now have a significant collection of tests we can run. These tests can be organized and executed on demand and provide us with valuable data about the current state of our system.

Most popular automated test development platforms offer us some level of control over test execution: parallel suites, for example, to reduce execution times. Some platforms even allow us to dynamically inject test cases during runtime, depending on the current system state.

But what if it’s not enough? What if we need even more control over execution? What if we want to use mixed-type pipelines and dynamically change test data or execution pool thread capabilities?

The problem
We execute tests from several different IPs because some of the functionality can be tested only while using a specific tunnel connection. This brings us to Cloudflare accessibility problems, request limit issues, and, occasionally, authentication errors.

Some more complex scenarios require the alteration of test data. This can only be done via microservice-based endpoints. Some of those endpoints are only accessible from an internal network. After a tunnel connection is established with an external server, a test execution bot can no longer reach the internal resources required for this test run.

Another problem is the number of requests being generated during test runs. For security purposes, all environments have strict request limits, but our test activity can easily reach those limits. Dynamic IPs prevent us from whitelisting IP addresses, and it becomes impossible to execute all test collections from one IP address.

The solution
After several solutions failed, we finally came up with a test strategy that involved modifying test data upfront.

If access cannot be gained from specific IP, we get access tokens before making the connection. If the alteration of test data via internal endpoints is needed, we execute this before the test run. We also bypassed request limits by switching IPs during the test run.

All of this would be impossible if we did not design a more sophisticated test executor.

The executor
We had to design a system that allowed full control of dynamic test execution. The project goal was to have control over the parallel and serial execution of tasks, bound with one executor.

First, data gathering and alteration happen via internal endpoints. A tunnel connection is established, and then parallel test execution takes place to minimize execution time.

Some test suites generate more requests than others, so we must be aware of how many requests are being made and how many suites are in parallel segments. At some point, the IP address has to change, and a new set of test suites are executed again in parallel. This pipeline continues until all tests have been executed.

The result
Thanks to this solution, we can take full control of the test execution pool and execution sequence. In practice, that means we are able to adapt to ever-changing security measures and still provide valuable test execution reports. Our tests allow us to identify bugs faster than ever, enhancing the security and efficiency of all our applications.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.