Threat Research Blog

  • An Introduction to Hardware Hacking

    With the introduction of more and more IoT and embedded devices in the market, hackers are starting to find firmware exploitation as a more viable mechanism for gaining access into networks and...

  • Running Sensitive Apps in WSL: (SAFE + SAFE) < SAFE

    This blog is intended to be a warning bell and to draw attention to a potential security risk involved in running sensitive applications in the WSL (“Windows Subsystem Linux”) Windows utility. As...

  • Make Memcpy Safe Again: CodeQL

    Last February, I went to #OffensiveCon20 and, as you might expect, it was awesome. The talks were great, but the real gem was the CodeQL workshop that was held the second day of the event....

  • Using Kubelet Client to Attack the Kubernetes Cluster

    In this blog post, we are going to look at the Kubernetes agent, kubelet (see Figure 1), which is responsible for the creation of the containers inside the nodes and show how it can be...

  • Masking Malicious Memory Artifacts – Part III: Bypassing Defensive Scanners

    Introduction: With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

  • DIY: Hunting Azure Shadow Admins Like Never Before

    TL;DR: Cloud technologies are ubiquitous and most organizations rely on cloud vendors to provide them with critical services and computing workloads. This ecosystem makes organizations deeply...

  • Masking Malicious Memory Artifacts – Part II: Insights from Moneta

    Introduction: With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

  • Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing

    Introduction: With fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add...

  • Introducing Evasor: A New Pen Test Tool for WindowAppLocker

    For anyone who may not be familiar, Windows AppLocker is an application whitelisting technology that allows administrators to control which executable files are allowed to be executed. With...

  • Group Policies Going Rogue

    This blog, part of a year-long research project that uncovered 60 different vulnerabilities across major vendors, discusses a vulnerability in the Windows group policy object (GPO) mechanism....

  • Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client

    As a penetration tester, my mission is to find vulnerabilities. To sharpen my skills and to stay up-to-date with new technologies, I spend my free time hacking on numerous bug bounty programs on...

  • When a CLI Falls for an Attacker

    A few months ago, I was working on research that involved spinning up and down multiple virtual machines in AWS and used AWS CLI in order to manage them. I decided to make a small...

  • Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

    Executive Summary: As more and more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key technologies, like Zoom and Microsoft Teams, that...

  • Wild Temporary Tokens and Where to Find Them – AWS Edition

    AWS is one of the most successful cloud solutions available today. As a pioneer in the infrastructure-as-a-service (IaaS) scene, AWS has more than a million customers. Part of that success is...

  • Explain Like I’m 5: Remote Desktop Protocol (RDP)

    Table of Contents: Introduction | RDP Connection | Connection Sequence | Basic Input and Output | Channels in RDP | Data Compression | RDP Security | Recent RDP Vulnerabilities | Conclusion | References ...

  • I Know What Azure Did Last Summer

    More and more companies are deciding to move their infrastructures into cloud environments offered by Microsoft Azure, Google Cloud Computing, Amazon AWS and many more. In our modern and rapidly...

  • CoronaVirus Ransomware

    These days, when the world is focused on getting a handle on the COVID-19 crisis, cybercriminals are taking advantage of our desire for information. We’re seeing all kinds of attacks leveraging...

  • Raccoon: The Story of a Typical Infostealer

    An infostealer is a type of malware that is focused on gathering sensitive and conditional information from the compromised system. While this information is often related to the user’s...

  • Thick Client Penetration Testing Methodology

    Table of Contents: 1 Introduction | 2 Common Architectures of Thick Client applications | 2.1 Two-Tier architecture | 2.2 Three-Tier architecture | 3 How to test thick client applications? | 3.1 Information Gathering | 3.1.1...

  • Predator the Thief

    Learn how CyberArk Endpoint Privilege Manager protects against Predator the Thief, a stealthy malware program that steals confidential info like usernames, passwords, browser data and payment data.