Blogs

Data is the New Source Code

Information Disclosure in JForum 2.1.X - Syntax

Background
While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application.

Version Tested: 2.1.8

CVE Number: CVE-2019-7550

Abusing mshta.exe to Gain PowerShell Access

Background

In my previous life, I spent a lot of time analyzing malware and figuring out how it worked in order to defend against it. One trend that has increased across the industry is the use of fileless malware and specifically mshta.exe as a method of infection. Now that I’m on offense, I wanted to take some time to flesh out how it could be used in red teaming and adversarial simulation.

Five Cybersecurity Predictions for 2019

2018 was another year of change in the cybersecurity industry. We’ve had some interesting conversations with customers, partners, providers, and analysts over the past twelve months, and we’re excited about where the industry is headed – at least from our vantage point.

We are all seeing the 2019 prediction stories, and many of the broader trends focus on endpoint security and the impact of staff shortages, to name a few.  

One Month Later: The Marriott Data Breach – What You Should Do

Just over a month ago, Marriott International, one of the world’s largest hotel chains, announced that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Among the hotels under the Starwood brand are the W Hotels, St. Regis, Sheraton, Westin, and Design Hotels and Resorts, as well as all Starwood-branded timeshare properties.

Phishing Attacks Today: DRIDEX and URSNIF Are Back

On the morning of December 12th, 2018, the CRITICALSTART CYBERSOC began seeing the resurgence of a prolific phishing campaign. This campaign included malware variants such as DRIDEX and URSNIF, both common banking Trojans used in macro-based attacks. These files are observed either embedded in macro-enabled documents or downloaded after the macro code executes, at which point the host is directed to reach out to a C2 domain.

A Commitment to Getting It Right: Palo Alto Networks’ Expedition Migration Tool

Background

During a recent penetration test for a client, I came across a tool called MigrationTool from Palo Alto Networks. The tool was littered with issues, including unauthenticated disclosure of passwords, hashes, versions, and more.

Supporting Our Family: In Memory of Ricki Bateman

Today being the National Day of Giving, we come together to celebrate the gift of generosity and contribution. For CRITICALSTART, the day takes on special significance this year as we rally to support a member of our own family.