Writing a BugSleep C2 server and detecting its traffic with Snort

In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot"aka "BugSleep". This remote access tool RAT gives operators reverse shell and file input/output I/O capabilities on a victim's endpoint using a bespoke command and control C2 protocol. This blog will...

Missing TTLS Encryption

github.com/edgelesssys/marblerun is vulnerable to Missing TTLS Encryption. The vulnerability is due to unsecured plain TCP connections between Marbles if the parameters don't include an environment variable. This flaw allows an attacker intercept and manipulate the communication between Marbles...