Threat Research Blog

Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing

Introduction With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

Read Article
Introducing Evasor: A New Pen Test Tool for WindowAppLocker

For anyone who may not be familiar, Windows AppLocker is an application whitelisting technology that allows administrators to control which executable files are allowed to be executed. With...

Read Article
Don't Miss Impact Live 2020!
REGISTER NOW
Group Policies Going Rogue

This blog –part of a year-long research project that uncovered 60 different vulnerabilities across major vendors – discusses a vulnerability in the Windows group policy object (GPO) mechanism....

Read Article
Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client

As a penetration tester, my mission is to find vulnerabilities. To sharpen my skills and to stay up-to-date with new technologies, I spend my free time hacking on numerous bug bounty programs on...

Read Article
When a CLI Falls for an Attacker

A few months ago, I was working on research that involved spanning up and down multiple virtual machines in AWS and used AWS CLI in order to manage them. I decided to make a small...

Read Article
Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

Executive Summary As more and more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key technologies – like Zoom and Microsoft Teams – that...

Read Article
Wild Temporary Tokens and Where to Find Them – AWS Edition

AWS is one of the most successful cloud solutions available today. As a pioneer in the infrastructure-as-a-service (IaaS) scene, AWS has more than a million customers. Part of that success is...

Read Article
Explain Like I’m 5: Remote Desktop Protocol (RDP)

Table of Contents Introduction RDP Connection Connection Sequence | Basic Input and Output Channels in RDP | Data Compression RDP Security | Recent RDP Vulnerabilities Conclusion References ...

Read Article
I Know What Azure Did Last Summer

More and more companies are deciding to move their infrastructures into cloud environments offered by Microsoft Azure, Google Cloud Computing, Amazon AWS and many more. In our modern and rapidly...

Read Article
CoronaVirus Ransomware

These days, when the world is focused on getting a handle on the COVID-19 crisis, cybercriminals are taking advantage of our desire for information. We’re seeing all kinds of attacks leveraging...

Read Article
Raccoon: The Story of a Typical Infostealer

An infostealer is a type of malware that is focused on gathering sensitive and conditional information from the compromised system. While this information is often related to the user’s...

Read Article
Thick Client Penetration Testing Methodology

1 Introduction 2 Common Architectures of Thick Client applications 2.1 Two-Ttier architecture 2.2 Three-Tier architecture 3 How to test thick client applications? 3.1 Information Gathering 3.1.1...

Read Article
Don't Miss Impact Live 2020!
REGISTER NOW
Predator the Thief

Learn how CyberArk Endpoint Privilege Manager protects against Predator the Thief, a stealthy malware program that steals confidential info like usernames, passwords, browser data and payment data.

Read Article
BlackDirect: Microsoft Azure Account Takeover

While working on research associated with Microsoft Azure and Microsoft OAuth 2.0, we found a vulnerability that allows for the takeover of Microsoft Azure Accounts.

Read Article
Kubernetes Pentest Methodology Part 3

A Technical Deep Dive Into Insider Kubernetes Attack Vectors In part one and part two of our series on Kubernetes penetration test methodology we covered the security risks that can be created by...

Read Article
Lazy Privilege Escalation: Abusing Dell’s DUP Framework, CVE-2019-3726

We walk through CVE-2019-3726, a privilege escalation vulnerability, and show how easy it is to abuse the DUP installation framework.

Read Article
Follow the Link: Exploiting Symbolic Links with Ease

Symbolic Link attacks can lead to the escalation of privilege. They are easy to execute and have the potential to cause some serious damage.

Read Article
Eight Ways to Create a Pod

CyberArk’s Eviatar Gerzer explains how to use role-based access controls to improve the security of Kubernetes clusters and reduce cloud-native application vulnerabilities.

Read Article
Kubernetes Pentest Methodology Part 2

Attacking the Cluster Remotely In our previous blog post “Kubernetes Pentest Methodology Part 1”, we wrote about the risks that might be created by misconfiguring the Kubernetes RBAC. Also, we...

Read Article
Krypton Stealer – Kryptonite for Credentials

Krypton is a small size binary andan efficient credential stealer, working on Windows 7 to 10 without any permission requirements – regular user rights are enough. It might just be antivirus kryptonit

Read Article
Loading More...

Threat Research Blog

Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing

Introduction With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

Introducing Evasor: A New Pen Test Tool for WindowAppLocker

For anyone who may not be familiar, Windows AppLocker is an application whitelisting technology that allows administrators to control which executable files are allowed to be executed. With...

Group Policies Going Rogue

This blog –part of a year-long research project that uncovered 60 different vulnerabilities across major vendors – discusses a vulnerability in the Windows group policy object (GPO) mechanism....

Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client

As a penetration tester, my mission is to find vulnerabilities. To sharpen my skills and to stay up-to-date with new technologies, I spend my free time hacking on numerous bug bounty programs on...

When a CLI Falls for an Attacker

A few months ago, I was working on research that involved spanning up and down multiple virtual machines in AWS and used AWS CLI in order to manage them. I decided to make a small...

Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

Executive Summary As more and more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key technologies – like Zoom and Microsoft Teams – that...

Wild Temporary Tokens and Where to Find Them – AWS Edition

AWS is one of the most successful cloud solutions available today. As a pioneer in the infrastructure-as-a-service (IaaS) scene, AWS has more than a million customers. Part of that success is...

Explain Like I’m 5: Remote Desktop Protocol (RDP)

Table of Contents Introduction RDP Connection Connection Sequence | Basic Input and Output Channels in RDP | Data Compression RDP Security | Recent RDP Vulnerabilities Conclusion References ...

I Know What Azure Did Last Summer

More and more companies are deciding to move their infrastructures into cloud environments offered by Microsoft Azure, Google Cloud Computing, Amazon AWS and many more. In our modern and rapidly...

CoronaVirus Ransomware

These days, when the world is focused on getting a handle on the COVID-19 crisis, cybercriminals are taking advantage of our desire for information. We’re seeing all kinds of attacks leveraging...

Raccoon: The Story of a Typical Infostealer

An infostealer is a type of malware that is focused on gathering sensitive and conditional information from the compromised system. While this information is often related to the user’s...

Thick Client Penetration Testing Methodology

1 Introduction 2 Common Architectures of Thick Client applications 2.1 Two-Ttier architecture 2.2 Three-Tier architecture 3 How to test thick client applications? 3.1 Information Gathering 3.1.1...

Predator the Thief

Learn how CyberArk Endpoint Privilege Manager protects against Predator the Thief, a stealthy malware program that steals confidential info like usernames, passwords, browser data and payment data.

BlackDirect: Microsoft Azure Account Takeover

While working on research associated with Microsoft Azure and Microsoft OAuth 2.0, we found a vulnerability that allows for the takeover of Microsoft Azure Accounts.

Kubernetes Pentest Methodology Part 3

A Technical Deep Dive Into Insider Kubernetes Attack Vectors In part one and part two of our series on Kubernetes penetration test methodology we covered the security risks that can be created by...

Lazy Privilege Escalation: Abusing Dell’s DUP Framework, CVE-2019-3726

We walk through CVE-2019-3726, a privilege escalation vulnerability, and show how easy it is to abuse the DUP installation framework.

Follow the Link: Exploiting Symbolic Links with Ease

Symbolic Link attacks can lead to the escalation of privilege. They are easy to execute and have the potential to cause some serious damage.

Eight Ways to Create a Pod

CyberArk’s Eviatar Gerzer explains how to use role-based access controls to improve the security of Kubernetes clusters and reduce cloud-native application vulnerabilities.

Kubernetes Pentest Methodology Part 2

Attacking the Cluster Remotely In our previous blog post “Kubernetes Pentest Methodology Part 1”, we wrote about the risks that might be created by misconfiguring the Kubernetes RBAC. Also, we...

Krypton Stealer – Kryptonite for Credentials

Krypton is a small size binary andan efficient credential stealer, working on Windows 7 to 10 without any permission requirements – regular user rights are enough. It might just be antivirus kryptonit