exploits & vulnerabilities

What is Red Teaming & How it Benefits Orgs

Posted on January 10, 2023January 11, 2023 by Admin

In today’s increasingly connected world, red teaming has become a critical tool for organizations to test their security and identify possible gaps within their defenses. Red teaming, also known as red cell, adversary simulation, or Cyber Red Team, involves simulating real-world cyber attackers’ tactics, techniques, and procedures (TTPs) to assess an organization’s security posture. In the world of cybersecurity, the term “red teaming” refers to a method of ethical hacking that is goal-oriented and driven…

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Posted on December 21, 2022December 21, 2022 by Admin

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800 Exploits & Vulnerabilities This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report. By: Mickey Jin December 21, 2022 Read time: ( words) On Jan. 26, 2022, Apple patched a System Integrity Protection (SIP)-bypass vulnerability in the PackageKit framework, identified as CVE-2022-22583. Apple shared…

Detecting Windows AMSI Bypass Techniques

Posted on December 21, 2022December 21, 2022 by Admin

Techniques bypassing AMSI were primarily used by security researchers and penetration testers. In recent years, however, cybercriminals have abused this and included the method as a feature in malware routines to evade detection that allowed them to continuously operate in a victim’s computer. Prior to AMSI, detections of fileless threats proved difficult. Previously documented methods used to achieve an AMSI bypass were: Obfuscation and/or encryption PowerShell downgrade Hooks and unhooks Memory patching Forcing an error…

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Posted on December 20, 2022December 20, 2022 by Admin

A new bypass appears According to the aforementioned patch, we can see that if we can bypass the volume path check at line 81, then the system_installd service will spawn the script directly instead of resorting to the isolated XPC service. The question then is, how can we bypass the volume path check? Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we…

Trend Helps Google Play Prevent Malicious Apps via ADA

Posted on December 16, 2022December 22, 2022 by Admin

Trend Helps Google Play Prevent Malicious Apps via ADA Trend Micro will be joining Google’s App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store. By: Jon Clay December 16, 2022 Read time: ( words) Google has announced Trend Micro will be joining their App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the…

Ransomware Business Models: Future Pivots and Trends

Posted on December 15, 2022December 15, 2022 by Admin

RDP port 3389 remains a popular service abused by ransomware actors to gain initial access to systems located and connected to on-premise infrastructure. However, as more organizations shift to the cloud services for file storage and active directory systems, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale. Evolutions Gradual evolutions in the current modern ransomware models as we know them are expected to be tweaked in…

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

Posted on December 14, 2022December 14, 2022 by Admin

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Our investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; we also found that more applications and their respective versions had been affected and established that attacks began much earlier than their first reckoning on…

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Posted on November 11, 2022November 11, 2022 by Admin

At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Posted on November 9, 2022November 9, 2022 by Admin

Hack the Real Box: APT41’s New Subgroup Earth Longzhi APT & Targeted Attacks We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. By: Hara Hiroaki, Ted Lee November 09, 2022 Read time: ( words) In early 2022, we investigated an incident that compromised a company…

Latest on OpenSSL 3.0.7 Bug & Security-Fix

Posted on October 31, 2022November 5, 2022 by Admin

What to know and do about this week’s OpenSSL vulnerability A new vulnerability has just been disclosed in OpenSSL, an open-source cryptography library that is very widely used in a range of commercial and internal applications to provide encryption and other security and privacy capabilities. OpenSSL is found in applications deployed on-premises, in the cloud, in SaaS applications, on endpoints, servers, in IoT or OT environments, and more. What is the issue in OpenSSL? The…

« 1 2 3 4 … 9 »

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Detecting Windows AMSI Bypass Techniques

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)