Malware hosting domain Cyberium fanning out Mirai variants
June 14, 2021 | Fernando Martinez
Executive summary LevelBlue Labs has observed the Mirai variant botnet, known ...
Patch Tuesday, June 2021
June 08, 2021 | Karl Sigler
Summer is officially here and with it June's Patch Tuesday. This is a ...
Huawei LTE USB Stick E3372: From File Overwrite to Code Execution
June 02, 2021 | Martin Rakhmanov
In today's world, more and more devices are connected to the Internet for ...
Web Applications and Internal Penetration Tests
May 25, 2021 | Bruno Oliveira
Until recently, I really didn't care about web applications on an internal ...
AWS IAM security explained
May 24, 2021 | Fernando Martinez
Executive summary AWS Policies are a key foundation in good cloud security, but ...
CVE-2021-31166: RCE in Microsoft HTTP.sys
May 21, 2021 | Bryant Smith
In the May 2021 Microsoft update, Microsoft patched an HTTP.sys vulnerability ...
Exploitation of Sharepoint 2016: Simple Things Matter – Case Study
May 18, 2021 | Lukasz Wierzbicki
Sharepoint is generally used as an intranet site, to share news and other ...
Patch Tuesday, May 2021
May 11, 2021 | Karl Sigler
May's Patch Tuesday is upon us and probably the most surprising thing about the ...
Pingback: Backdoor At The End Of The ICMP Tunnel
May 04, 2021 | Lloyd Macrohon, Rodel Mendrez
Introduction In this post, we analyze a piece of malware that we encountered ...
All Your Databases Belong To Me! A Blind SQLi Case Study
April 22, 2021 | Andreas Georgiou
“All your base are belong to us”, Zero game 1992
Patch Tuesday, April 2021
April 13, 2021 | Karl Sigler
April's Patch Tuesday is upon us and it is showering us with patches for a ...
HTML Lego: Hidden Phishing at Free JavaScript Site
April 08, 2021 | Homer Pacag
This blog investigates an interesting phishing campaign we encountered ...
Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)
April 01, 2021 | Jonathan Yarema
Umbraco version 8.9.0 (also seen in 8.6.3) has a privilege escalation issue in ...
You Just Received 25k USD in Your BTC Account! A Practical Phishing Defense Tutorial
March 29, 2021 | Jakub Adamczyk
From time to time, we all receive some unexpected messages. Either through ...
From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)
March 25, 2021 | Tom Neaves
Picture the scene, you’re on an application penetration test (as a normal user) ...
HAFNIUM, China Chopper and ASP.NET Runtime
March 15, 2021 | Joshua Deacon
The recent Microsoft Exchange Server zero-day exploits (CVE-2021-26855, ...
Image File Trickery Part II: Fake Icon Delivers NanoCore
March 11, 2021 | Diana Lopera
The .zipx file extension is used to denote that the ZIP archive format is ...
Patch Tuesday, March 2021
March 09, 2021 | Karl Sigler
The March Patch Tuesday is here and it's been an unfortunately busy month for ...
Trustwave's Action Response to the Microsoft Exchange Server Zero-Day Vulnerabilities and Attacks
March 08, 2021 | Trustwave SpiderLabs
UPDATES
Office 365 Best Practices: 7 Steps to Mitigating Business Email Compromise
February 24, 2021 | Carly Battaile
Microsoft’s Office 365 is an increasingly popular email solution for ...
Finding More IDORs – Tips and Tricks
February 12, 2021 | Max Corbridge
A collection of useful tips, tricks, and techniques for discovering IDORs.
The Many Roads Leading To Agent Tesla
February 12, 2021 | Rodel Mendrez, Diana Lopera
Agent Tesla is a common Remote Access Trojan (RAT) discovered in 2014. This ...
Patch Tuesday, February 2021
February 09, 2021 | Karl Sigler
February is here and with it comes a relatively light Patch Tuesday. Only 56 ...
Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
February 03, 2021 | Martin Rakhmanov
Updates: This blog post was updated Feb. 9 to include Proof-of-Concept (PoC) ...
Cloudy with a Chance of Persistent Email Access
January 29, 2021 | Partha Alwar and Carly Battaile
How an advanced threat group leveraged Microsoft Azure to gain persistent ...
APT X – Process Hollowing
January 27, 2021 | Faisal Tameesh
A detailed walkthrough of the process hollowing injection technique.
TeamTNT delivers malware with new detection evasion tool
January 27, 2021 | Ofer Caspi
Executive Summary LevelBlue Labs™ has identified a new tool from the TeamTNT ...
A Global Perspective of the SideWinder APT
January 13, 2021 | Tom Hegel
LevelBlue Labs has conducted an investigation on the adversary group publicly ...