Unfortunately, the reality of cybersecurity is that attackers will sometimes succeed in breaching an IT environment. Accepting this probability allows you to focus on learning how to detect a breach and manage such attacks.
Cybersecurity expert Julio Sanchez demonstrates approaches threat actors may take in an attempt to gain persistence after compromising Active Directory. Learn how each technique leaves different signs of compromise and how open-source tools can be used to spot them.
The new format of Microsoft monthly updates have proven challenging to reverse engineer. We’ve figured out a workaround that we hope will be helpful.
In the original format, the Microsoft updates have always included the full files to patch, and from there it’s relatively straightforward to work on reversing and diffing through only extracting, without installing the patch.
Penetration testing has become an increasingly standard exercise, with organizations using either pen testing services or in-house teams to uncover weaknesses and assess their security posture.
Ransomware, as an active variant of current malware, has undoubtedly undergone a series of changes that have allowed cyber criminals to expand the horizons of clandestine business. In order to try to understand the different "forms" ransomware has presented over time, this article will show the evolutionary line of this latent threat in a compact and concrete way.
In part 6, we learned how to understand a shellcode and its resolver. Now, we will continue with the analysis and resolution of abo2 in GHIDRA.
Download ABO2 executable. The latest version is on Google drive.
As you may already know, when a penetration test or Red Team exercise in being executed, it is important to define the objective of the project.
On August 5th, ethical hacker and cybersecurity professional Antoine Goichot posted on twitter that three vulnerabilities he had discovered on Cisco AnyConnect (CVE-2020-3433, CVE-2020-3434, and CVE-2020-3435) were now public. The next day, he published a follow-up blogpost on github.
Pen testing is a well-established practice for many organizations. With such diverse environments consisting of different applications from different vendors, it’s safe to assume security weaknesses are lurking somewhere. But why aren’t these security flaws found earlier, by the creators themselves? In this blog, we’ll explore why applications should also go through security testing and review during the development stage.
Title: Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities
Advisory ID: CORE-2021-0001
Advisory URL: https://www.coresecurity.com/core-labs/advisories/cisco-anyconnect-posture-hostscan-security-service-local-privilege-escalation (Retired)
Date published: 2021-02-17
Date of last update: 2020-02-17