Archive

Update from the Trenches

Ivanti CSA Investigation/Detection Details October 9, 2024 Authors: Rui Ataide, Andrew Nelson, and Hermes Bojaxhi GuidePoint Security has recently been engaged on several incidents related to f…

SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment

June 20, 2024 TL;DR: Compromise of an SCCM administrator account can easily lead to compromise of every machine managed by SCCM.

BianLian GOs for PowerShell After TeamCity Exploitation

March 8, 2024 Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast released a decr…

Tunnel Vision: CloudflareD AbuseD in the WilD

August 3, 2023 Introduction Across the cybersecurity community, defenders are constantly finding threat actors using novel and innovative techniques to further their exploitation efforts against targe…

GuidePoint Security researcher discovers vulnerability in the integrity of common HMI client-server protocol

December 1, 2022 What if you could no longer trust the critical process values displayed on your HMI screen? Executive Summary When operating an Industrial Control System (ICS), the operator relies on…

vSOC SPOT Report: Runc Docker Vulnerability

Overview On February 11, 2019, security researchers Adam Iwaniuk and Borys Popławski responsibly disclosed a vulnerability in Runc, the standard utility for spawning and running containers in Docker,…

vSOC SPOT Report: IE – Scripting Engine Memory Corruption Vulnerability

Overview On December 19th, 2018 Microsoft released a zero-day patch for a vulnerability that impacted multiple Internet Explorer versions within all platforms.

vSOC SPOT Report: Vulnerability in CISCO ASA SIP (CVE-2018-15454)

Overview This SPOT Report contains information on the latest vulnerability found in the Cisco ASA firewall, Cisco switches, and Cisco routers alongside the coupling ASA virtual appliances and Cisco Fi…

vSOC SPOT Report: JET Engine

Overview A zero-day flaw has been released by Trend Micro’s Zero Day Initiative (ZDI) team involving an out-of-bounds write in the Microsoft JET Database Engine.

vSOC SPOT Report: Exim Remote Code Execution Vulnerability

Overview On March 6th, 2018, a security researcher by the name of Meh Chang of Devcore, a Taiwanese security consulting firm, published a remote code execution vulnerability that is present in the mai…

vSOC SPOT Report: Mozilla Firefox Arbitrary Code Execution Vulnerability

Overview On January 29th, Mozilla developer Johann Hofmann reported that there was a major Arbitrary Code Execution vulnerability (CVE-2018-5124) within the browser’s user interface (UI) that allows…

vSOC SPOT Report: Cisco Adaptive Security Appliance RCE & Denial of Service Vulnerability

Update (2018-01-31): SNORT Signatures After further research, vSOC has located Snort signatures published by the fox-srt team, which can detect exploitation of this vulnerability.