Found 12 bookmarks
Custom sorting
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
KEY TAKEAWAYS Volexity discovered and reported a vulnerability in Fortinet's Windows VPN client, FortiClient, where user credentials remain in process memory after a user authenticates to the VPN. This vulnerability was abused by BrazenBamboo in their DEEPDATA malware. BrazenBamboo is the threat actor behind development of the LIGHTSPY malware family. LIGHTSPY variants have been discovered for all major operating systems, including iOS, and Volexity has recently discovered a new Windows variant. In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to […]
#volexity#EN#VPN#analysis#FortiClient#Vulnerability#BrazenBamboo#DEEPDATA#stealer
·volexity.com·
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
smith (CVE-2023-32434)
smith (CVE-2023-32434)
This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.
#Poulin-Bélanger#EN#2023#exploit#analysis#vulnerability#github#macos#ios#CVE-2023-32434
·github.com·
smith (CVE-2023-32434)
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published an out-of-band patch for Cobalt Strike which stated that there was potential for Remote Code Execution (RCE).
#securityintelligence#EN#2022#RCE#Cobalt-Strike#HelpSystems#Vulnerability#Analysis
·securityintelligence.com·
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published an out-of-band patch for Cobalt Strike which stated that there was potential for Remote Code Execution (RCE).
#securityintelligence#EN#2022#RCE#Cobalt-Strike#HelpSystems#Vulnerability#Analysis
·securityintelligence.com·
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
[CVE-2022-34918] A crack in the Linux firewall
In our previous article Yet another bug into Netfilter, I presented a vulnerability found within the netfilter subsystem of the Linux kernel. During my investigation, I found a weird comparison that does not fully protect a copy within a buffer. It led to a heap buffer overflow that was exploited to obtain root privileges on Ubuntu 22.04.
#randorisec#EN#2022#CVE-2022-34918#Linux#netfilter#Vulnerability#analysis
·randorisec.fr·
[CVE-2022-34918] A crack in the Linux firewall