Mekotio Banker Returns with Improved Stealth and Ancient Encryption https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/
Check Point Research
Mekotio Banker Returns with Improved Stealth and Ancient Encryption - Check Point Research
Research by: Arie Olshtein & Abedalla Hadra. A banking Trojan called “Mekotio” that targeted Latin American countries in the past is now making a comeback with a change in its infection flow. Check Point Research (CPR) detected over 100 attacks in recent weeks…
Practical MBA Deobfuscation with msynth https://synthesis.to/2021/11/11/practical_mba_deobfuscation.html
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 https://www.randori.com/blog/cve-2021-3064/
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
The dark side of Microsoft Remote Procedure Call protocols https://redcanary.com/blog/msrpc-to-attack/
Red Canary
The dark side of Remote Procedure Call protocols - Red Canary
MSRPC to ATT&CK is a one-stop shop for learning more about how adversaries abuse Remote Procedure Calls and what you can do to detect it.
The Kerberos Key List Attack: The return of the Read Only Domain Controllers https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/
Analyzing a watering hole campaign using macOS exploits https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Google
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…
Evading EDR Detection with Reentrancy Abuse https://www.deepinstinct.com/blog/evading-antivirus-detection-with-inline-hooks
Deep Instinct
Evading EDR Detection with Reentrancy Abuse | Deep Instinct
In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
Medium
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
Practical attacks against attribute-based encryption https://research.kudelskisecurity.com/2021/11/12/practical-attacks-against-attribute-based-encryption/
Kudelski Security Research
Practical attacks against attribute-based encryption
Authors: Antonio de la Piedra (Kudelski Security Research Team) and Marloes Venema (Radboud University Nijmegen) This week at Black Hat Europe 2021 we have presented our work on attacking attribute…
Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915) https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
www.secforce.com
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915)
This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream’s HT801 Analog Telephone Adapter. Both vulnerabilities are exploitable via the limited configuration shell…
Backup “Removal” Solutions - From Conti Ransomware With Love https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love
Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
OSX.CDDS: a sophisticated watering hole campaign drops a new macOS implant! https://objective-see.com/blog/blog_0x69.html
objective-see.org
OSX.CDDS (OSX.MacMa)
a sophisticated watering hole campaign drops a new macOS implant!
fee: Execute ELF files without dropping them on disk https://github.com/nnsee/fileless-elf-exec
GitHub
GitHub - nnsee/fileless-elf-exec: Execute ELF files without dropping them on disk