many parts make the whole
Sometimes your paranoia is justified! You may remember this story from 2015 about the NSA installing backdoors into the firmware of hard drives that would not be easily removed. So you may already have reasons to be skeptical of your hardware. Well rmcybernetics has a great writeup here about discovering malware on a machine they … Read More “HARDWARE ARRIVES FROM CHINA COMPLETE WITH PREINSTALLED MALWARE” »
Log4j appears to be the gift that keeps on giving. The severity score for the second Log4j vulnerability, CVE-2021-45046, has been upgraded from a CVSS score of 3.7 to 9.0. The fix for the original CVE-2021-44228 in Apache Log4j has been found to be incomplete allowing for Remote Code Execution in certain configurations. LunaSec blog … Read More “SEVERITY UPGRADE for Log4Shell CVE-2021-45046” »
The NVIDIA TSEC (Tegra Security Co-processor) is a security chip in the Nintendo Switch that is intended to secure the boot process of the gaming console. At this time the function of the chip has been fully compromised in a way that should not be easily patched thanks a dedicated group of hardware hackers and … Read More “FULL EXTRACTION of NVIDIA TSEC” »
fail2ban is very useful piece of software that stops brute forcing attacks on a variety of services. Knowing that fail2ban exists is serious source of frustration for me personally when I am completing a vulnerable machine or an exercise and the solution is “just brute force credentials using hydra and X wordlist.” In the back … Read More “REMOTE CODE EXECUTION in fail2ban – CVE-2021-32749” »
As more and more people are working remotely virtual meeting apps like Zoom are becoming an essential part of many organizations. Although Zoom is no stranger to security issues, see CVE-2021-28133 and CVE-2021-30480, it is still widely in use. Personally I would recommend using an alternative like Teams or Webex, but to each their own. … Read More “REMOTE CODE EXECUTION in Zoom from Pwn2Own 2021” »
Exploit code is now available for CVE-2021-1675 allowing for Remote Code Execution. This vulnerability allows an unauthenticated bad actor to execute code as SYSTEM on vulnerable systems. Microsoft has released an advisory and patches are available here. There are reports that the patches alone are not sufficient at this time so you may want to … Read More “PrintNightmare – REMOTE CODE EXECUTION in Windows Spooler Service CVE-2021-1675” »
Office 365 has been steadily growing for many years to the point where it currently has over 200 million users. Many large and small organizations are increasingly taking advantage of cloud based services and infrastructure to reduce costs and increase availability to their users. So, when there is security issue with a major cloud based … Read More “REMOTE CODE EXECUTION in Office 365” »
Compromised updates for Solarwinds Orion are making headlines for containing malware. The updates available from March through May of this year appear to have contained a very elusive and adaptable trojan that FireEye has dubbed the SUNBURST Backdoor. FireEye has published a great write-up on the attack here along with Indications of Compromise. Please be sure to read through … Read More “SOLARWINDS ORION AND THE SUNBURST BACKDOOR” »
Intel Owl is an Open Source Intelligence, (OSINT), solution that can query multiple services quickly and easily including shodan, VirusTotal, and hunter.io. The tool supports 30 different analyzers and services at this time and can provide data on potentially malicious files, IP addresses or domains. This could be a great time saver when performing analysis … Read More “FREE OPEN SOURCE THREAT INTEL SOLUTION – Intel Owl” »
Usually decrypting HTTPS traffic requires a MITM scenario involving certificates and/or deep packet inspection. Silent Signal recently shared a great writeup on how this can be accomplished using Burp Suite and a new extension that is available on their GitHub repository. This method can potentially save time while being less complex and invasive. Using certificates … Read More “DECRYPTING HTTPS TRAFFIC USING Burp Suite PLUGIN” »