Threat Research Blog

Best Defense? Our Red Team Lead Reveals 4 MFA Bypass Techniques

Digital transformation, widespread remote work due to the COVID-19 pandemic and ever-increasing reliance on cloud services and infrastructure have all contributed to new enterprise access...

Read Article
Attacking Kubernetes Clusters Through Your Network Plumbing: Part 2

In Part 1 of this blog post, we discussed attack vectors that utilize the different features of the devices that network plugins use, such as bridge devices and tunneling devices (VXLAN in...

Read Article
Virtual Cloak: Virtualization as Malware

Virtualization is a double-edged sword The glorious rise of the cloud in recent years could be attributed to the gradual advancement of many different technologies, both hardware and software...

Read Article
Kubesploit: A New Offensive Tool for Testing Containerized Environments

In this blog post, we will introduce a new open-source tool we developed, named Kubesploit, for testing Kubernetes environments. This is a full framework, dedicated to Kubernetes, to assist...

Read Article
The Mysterious Realm of JavaScriptCore

TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...

Read Article
Kinsing: The Malware with Two Faces

Lately, we’ve been busy researching the developing field of cloud and container threats. Why focus here? Because, as this technology becomes more popular and continues to evolve, attackers are...

Read Article
The Strange Case of How We Escaped the Docker Default Container

TL;DR During an internal container-based Red Team engagement, the Docker default container spontaneously and silently changed cgroups overnight, which allowed us to escalate privileges and gain...

Read Article
Hunting Azure Blobs Exposes Millions of Sensitive Files

We hear about it all the time – data breaches that expose a company’s sensitive information. Nearly all of us have been warned that our passwords, email addresses or even credit cards have...

Read Article
Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer

Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer Credential theft malware continues to be one of the most prevalent types of malware used in cyber attacks. The main...

Read Article
Golden SAML Revisited: The Solorigate Connection

In the past few weeks, we’ve been witnessing one of the most elaborate supply-chain attacks unfold with a threat actor that infected SolarWinds Orion source code and used the update process to get...

Read Article
Accessing and Dumping Firmware Through UART

Introduction In the first part of my hardware hacking series, we discussed dumping firmware through the SPI flash chip. In this post, we will review the process of accessing and dumping the...

Read Article
A Modern Exploration of Windows Memory Corruption Exploits – Part I: Stack Overflows

Introduction The topic of memory corruption exploits can be a difficult one to initially break in to. When I first began to explore this topic on the Windows OS I was immediately struck by the...

Read Article
Intel, Please Stop Assisting Me

This post focuses on two vulnerabilities the CyberArk Labs team uncovered in the Intel Support Assistant that affected the millions of Windows machines that run this software. The first...

Read Article
Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1

Have you ever wondered how the water supply gets into your home and to the taps? Honestly it may not be something you ever thought about. When receiving a system that works “out of the...

Read Article
LoRaWAN & MQTT: What to Know When Securing Your IoT Network

The LoRaWAN protocol wirelessly connects battery-powered devices to the internet. Because of its ability to communicate long-range with little battery consumption, it is likely to be the network...

Read Article
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?

This blog entry is a special anti-malware edition showcasing how the most common bugs security products suffer from can allow a standard user to escalate into a privileged user. What we found...

Read Article
An Introduction to Hardware Hacking

With the introduction of more and more IOT and embedded devices in the market, hackers are starting to find firmware exploitation as a more viable mechanism for gaining access into networks and...

Read Article
Running Sensitive Apps in WSL: (SAFE + SAFE) < SAFE

This blog is intended to be a warning bell and to draw attention to a potential security risk involved in running sensitive applications in the WSL (“Windows Subsystem Linux”) Windows utility. As...

Read Article
Make Memcpy Safe Again: CodeQL

Last February, I went to #OffensiveCon20 and, as you might expect, it was awesome. The talks were great, but the real gem was the CodeQL workshop that was held the second day of the event....

Read Article
Using Kubelet Client to Attack the Kubernetes Cluster

In this blog post, we are going to look at the Kubernetes agent, kubelet (see Figure 1), which is responsible for the creation of the containers inside the nodes and show how it can be...

Read Article
Loading More...

Threat Research Blog

Best Defense? Our Red Team Lead Reveals 4 MFA Bypass Techniques

Digital transformation, widespread remote work due to the COVID-19 pandemic and ever-increasing reliance on cloud services and infrastructure have all contributed to new enterprise access...

Attacking Kubernetes Clusters Through Your Network Plumbing: Part 2

In Part 1 of this blog post, we discussed attack vectors that utilize the different features of the devices that network plugins use, such as bridge devices and tunneling devices (VXLAN in...

Virtual Cloak: Virtualization as Malware

Virtualization is a double-edged sword The glorious rise of the cloud in recent years could be attributed to the gradual advancement of many different technologies, both hardware and software...

Kubesploit: A New Offensive Tool for Testing Containerized Environments

In this blog post, we will introduce a new open-source tool we developed, named Kubesploit, for testing Kubernetes environments. This is a full framework, dedicated to Kubernetes, to assist...

The Mysterious Realm of JavaScriptCore

TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...

Kinsing: The Malware with Two Faces

Lately, we’ve been busy researching the developing field of cloud and container threats. Why focus here? Because, as this technology becomes more popular and continues to evolve, attackers are...

The Strange Case of How We Escaped the Docker Default Container

TL;DR During an internal container-based Red Team engagement, the Docker default container spontaneously and silently changed cgroups overnight, which allowed us to escalate privileges and gain...

Hunting Azure Blobs Exposes Millions of Sensitive Files

We hear about it all the time – data breaches that expose a company’s sensitive information. Nearly all of us have been warned that our passwords, email addresses or even credit cards have...

Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer

Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer Credential theft malware continues to be one of the most prevalent types of malware used in cyber attacks. The main...

Golden SAML Revisited: The Solorigate Connection

In the past few weeks, we’ve been witnessing one of the most elaborate supply-chain attacks unfold with a threat actor that infected SolarWinds Orion source code and used the update process to get...

Accessing and Dumping Firmware Through UART

Introduction In the first part of my hardware hacking series, we discussed dumping firmware through the SPI flash chip. In this post, we will review the process of accessing and dumping the...

A Modern Exploration of Windows Memory Corruption Exploits – Part I: Stack Overflows

Introduction The topic of memory corruption exploits can be a difficult one to initially break in to. When I first began to explore this topic on the Windows OS I was immediately struck by the...

Intel, Please Stop Assisting Me

This post focuses on two vulnerabilities the CyberArk Labs team uncovered in the Intel Support Assistant that affected the millions of Windows machines that run this software. The first...

Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1

Have you ever wondered how the water supply gets into your home and to the taps? Honestly it may not be something you ever thought about. When receiving a system that works “out of the...

LoRaWAN & MQTT: What to Know When Securing Your IoT Network

The LoRaWAN protocol wirelessly connects battery-powered devices to the internet. Because of its ability to communicate long-range with little battery consumption, it is likely to be the network...

Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?

This blog entry is a special anti-malware edition showcasing how the most common bugs security products suffer from can allow a standard user to escalate into a privileged user. What we found...

An Introduction to Hardware Hacking

With the introduction of more and more IOT and embedded devices in the market, hackers are starting to find firmware exploitation as a more viable mechanism for gaining access into networks and...

Running Sensitive Apps in WSL: (SAFE + SAFE) < SAFE

This blog is intended to be a warning bell and to draw attention to a potential security risk involved in running sensitive applications in the WSL (“Windows Subsystem Linux”) Windows utility. As...

Make Memcpy Safe Again: CodeQL

Last February, I went to #OffensiveCon20 and, as you might expect, it was awesome. The talks were great, but the real gem was the CodeQL workshop that was held the second day of the event....

Using Kubelet Client to Attack the Kubernetes Cluster

In this blog post, we are going to look at the Kubernetes agent, kubelet (see Figure 1), which is responsible for the creation of the containers inside the nodes and show how it can be...