Found 4 bookmarks
Custom sorting
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
APT Lazarus has begun attempting to smuggle code using custom extended attributes. Extended attributes are metadata that can be associated with files and directories in various file systems. They allow users to store additional information about a file beyond the standard attributes like file size, timestamps, and permissions.
·group-ib.com·
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
·decoded.avast.io·
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs