Cyber Labs
-
01
Mounted Guest EDR Bypass
The Mounted Guest EDR Bypass is a tactic used in cyber attacks to evade Endpoint Detection and Response (EDR) protections. This method involves removing EDR program files from a defenseless guest system on a hypervisor, enabling the deployment of ransomware without detection.
-
02
Optimizing Your Cyber Resilience Strategy Through CISO and CRO Connectivity
Combining forces between the Chief Information Security Officer and the Chief Risk Officer may better prepare your business for cyber challenges and provide a comprehensive insight into the exposures of the business.
-
03
Bypassing EDR through Retrosigned Drivers and System Time Manipulation
The Retrosigned Driver EDR Bypass is a novel modification of a technique employed by multiple ransomware groups to bypass EDR and limit visibility into malicious actions by abusing expired code signing certificates to load malicious kernel drivers.
-
04
DNSForge – Responding with Force
Introducing DNSForge, a novel attacker tactic for responding to name resolution requests made to the authoritative DNS server in an internal network landscape, achieving interception and reuse of system credentials without user interaction.
-
05
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
Stroz Friedberg identified a stealthy malware, dubbed “sedexp,” utilizing Linux udev rules to achieve persistence and evade detection. This advanced threat, active since 2022, hides in plain sight while providing attackers with reverse shell capabilities and advanced concealment tactics.
-
06
Command Injection and Path Traversal in StoneFly Storage Concentrator
CVE-2024-30213, CVE-2024-31947: Blind Operating System Command Injection and Path Traversal in StoneFly Storage Concentrator
-
07
Adopt an AI Approach with Confidence, for CISOs and CIOs
This article provides an AI adoption approach for technology leaders charged with this potentially risky decision. We provide an overview of strategic approaches for consideration, beyond mere technological implementation.
-
08
Responding to the CrowdStrike Outage: Implications for Cyber and Technology Professionals
This client alert provides an overview of the current global IT outage that is related to a CrowdStrike update. We provide an overview of CrowdStrike's response and guidance, and Aon Cyber Solutions' recommendations for affected clients.
-
09
DUALITY Part II - Initial Access and Tradecraft Improvements
This blog post discusses tradecraft improvements and how the same pipeline can be used for initial access.
-
10
Cracking Into Password Requirements
This blog post discusses new hashcat rule sets designed to crack passwords with minimum length and character class constraints, resulting in improved performance.
-
11
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control
This blog post introduces the concept of DUALITY, which is a methodology and pipeline for backdooring multiple DLLs on the fly so they are able to re-infect each other if infections are lost due to program updates.
-
12
Restricted Admin Mode – Circumventing MFA On RDP Logons
This blog post demonstrates the use of Restricted Admin mode to circumvent MFA in RDP as a red team tactic.
-
13
Detecting “Effluence”, An Unauthenticated Confluence Web Shell
Discovering Effluence, a unique web shell accessible on every page of an infected Confluence
-
14
Flash Loan Attacks: A Case Study
This blog post explains how flash loans work, their history, and their role in smart contract attacks. We then explore the first major flash loan attack, discuss current threats, and offer security best practices to prevent them.
-
15
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing
This client advisory provides an overview of techniques and tactics attributed to a financially motivated criminal group that is actively targeting organizations across various industries.
-
16
New Burp Suite Extension: BlazorTrafficProcessor
Pentesting web applications that use Blazor server comes with unique challenges, especially without tooling. In this post, we discuss why such challenges exist and provide a Burp Suite Extension to address them.
-
17
Command Injection and Buffer Overflow in Multiple Sharp NEC Displays
CVE-2021-20698, CVE-2021-20699: Command Injection and Buffer Overflow vulnerabilities in Sharp NEC Display Solutions UN/UX Series displays.
-
18
Command Injection in Multiple Snap One Araknis Networks Products
CVE-2021-40144, CVE-2021-40844, CVE-2021-42661: Command Injection vulnerabilities in Snap One Araknis Networks® switches and access points.
-
19
Introducing D-Modem: A software SIP modem
Connect to dialup modems over VoIP using SIP, with no modem hardware required.
-
20
CVE-2021-1825: Inadequate Input Encoding in WebKit
In August 2020, Aon discovered and reported to Apple an issue relating to the encoding of Uniform Resource Locator (URL) characters in the Safari web browser, making it easier for an attacker to perform Cross-Site Scripting (XSS) attacks.