Lucene search
+L

6 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2025/04/23 5:19 a.m.17 views

Unallocated space analysis

TL;DR Unallocated space retains remnants of deleted files, metadata, logs, caches, and other artefacts. This is useful if a user attempts to cover their tracks, delete files, reformat drives, or use anti-forensic tools. These remnants can help reconstruct user actions exposing data exfiltration...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/08 10:34 a.m.42 views

Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity

The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's wide...

Exploits0
The Hacker News
The Hacker News
added 2022/06/28 11:30 a.m.200 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

9.8CVSS2.2AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/10/01 12:18 p.m.176 views

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky,...

1.7AI score
Exploits0
Securelist
Securelist
added 2021/09/30 10:0 a.m.48 views

GhostEmperor: From ProxyLogon to kernel mode

Download GhostEmperors technical details PDF While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2017/02/08 4:37 p.m.11 views

Fileless Memory-Based Malware Plagues 140 Banks, Enterprises

Attackers have been using well-known, standard utilities to carry out attacks on organizations around the world, and covering their tracks by wiping their activity from the machine’s memory before its rebooted. The attackers, who may be connected to the GCMAN and Carbanak groups, aren’t using...

1.1AI score
Exploits0References8
Rows per page
Query Builder