Hunting for Cobalt Strike: Mining and plotting for fun and profit
Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you...
Vulnerability Management news and publications #2
Hello everyone! This is the second episode of Vulnerability Management news and publications. In fact, this is a collection of my posts from the avleonovcom and avleonovrus telegram channels. Therefore, if you want to read them earlier, subscribe to these channels. The main idea of this episode...
IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used means that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...
Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
Executive Summary Throughout the autumn of 2018 we analyzed a long-standing cyber-espionage campaign, still active at that time, that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might ...
Microsoft XML Core Services CVE-2015-2434 Man in the Middle Information Disclosure Vulnerability
Description Microsoft XML Core Services is prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose potentially sensitive information through man-in-the-middle attacks. Technologies Affected Microsoft Office 2007 SP2 Microsoft Windows 7 for 32-bit Systems SP1...
Web Editor Vulnerable To XSS Attacks
All versions of an HTML editor used in several Microsoft technologies, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability that could allow an attacker to inject malicious script and glean private information. The problem exists in all versions of RadEditor, a WYSIWY...
Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
Description Microsoft MPEG Layer-3 audio decoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the...
IA64
IA64...
Dynamics CRM 2016 Norwegian Router amd64
Dynamics CRM 2016 Norwegian Router amd64...
Slovak (EN based) LIP
Used to detect Slovak LIP system...