Software Vulnerabilities January 20, 2023

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

10 min read - September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code…

Advanced Threats August 18, 2021

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

6 min read - Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter,…

Endpoint July 1, 2021

Hunting for Windows “Features” with Frida: DLL Sideloading

8 min read - Offensive security professionals have been using Frida for analyzing iOS and Android mobile applications. However, there has been minimal usage of Frida for desktop operating systems such as Windows. Frida is described by the author as a “Dynamic instrumentation toolkit…

January 21, 2020

TrickBot Uses UAC Bypass to Quietly Infect Windows 10 Machines

2 min read - Security researchers observed that TrickBot has begun using a User Account Control (UAC) bypass to quietly infect machines running Windows 10 without displaying any prompts.

Malware August 8, 2019

The Curious Case of a Fileless TrickBot Infection

7 min read - IBM X-Force noted changes in the deployment of the TrickBot Trojan and discovered that the most recent version of the malware is fileless.

July 15, 2019

Weekly Security News Roundup: Zero-Day Vulnerability Exploited in Buhtrap Attack Campaign

3 min read - Last week, security researchers identified a zero-day vulnerability that was instrumental in a targeted attack against companies in Eastern Europe.

July 10, 2019

Astaroth Attack Infects Windows Machines Via Living-Off-the-Land Techniques

2 min read - An Astaroth attack leveraged only living-off-the-land techniques to run the backdoor directly in memory on Windows machines.

Endpoint July 9, 2019

Mobile Device Management Evolves to Support New Device Use Cases

4 min read - As new deployments of screens, IoT devices and other connected endpoints proliferate, mobile device management is key to helping businesses secure, manage and control new mobile-oriented use cases.

June 18, 2019

InterPlanetary Storm Malware Using IPFS P2P Network to Hide Its Activities

2 min read - A malware campaign dubbed InterPlanetary Storm is hiding its network activity among legitimate traffic by using a P2P network for its command-and-control communications.

June 17, 2019

Threat Actors Use Targeted Attack Tools to Distribute Cryptocurrency Miners, Ransomware

2 min read - Threat actors are using targeted attack tools to distribute typical malware, such as cryptocurrency miners and ransomware.