Found 25 bookmarks
Custom sorting
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!
#spaceraccoon#EN#204#report#vulnerability#Zscaler#Client#Connector#CVE-2023-41973
·spaceraccoon.dev·
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
New Backdoor, MadMxShell
New Backdoor, MadMxShell
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites. The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.
#zscaler#EN#2024#typosquatting#MadMxShell#GoogleAds#DNS#Malvertising#Advance-ip-scanner
·zscaler.com·
New Backdoor, MadMxShell
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.
#zscaler#EN#2022#Raccoon#malware#malware-as-a-service#Stealer
·zscaler.com·
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.
#zscaler#EN#2022#Raccoon#malware#malware-as-a-service#Stealer
·zscaler.com·
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.
#zscaler#EN#2022#Raccoon#malware#malware-as-a-service#Stealer
·zscaler.com·
Raccoon Stealer v2: The Latest Generation of the Raccoon Family