My Weekly Roundup #147
Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
Cobalt Strike is commercial threat emulation software that emulates a quiet, long-term embedded actor in a network. This actor, known as Beacon, communicates with an external team server to emulate command and control (C2) traffic.
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
We recently encountered a fairly sophisticated malware framework that we named NetDooka after the names of some of its components.
Analyzing BlackByte Ransomware’s Go-Based Variants
BlackByte is a Ransomware-as-a-Service (RaaS) group that has been targeting corporations worldwide since July 2021. Previous versions of the ransomware were written in C#. More recently, the authors redeveloped the ransomware using the Go programming language.
White House wants nation to prepare for cryptography-breaking quantum computers
A memorandum issued Wednesday by President Joe Biden orders federal agencies to ramp up preparations for a day when quantum computers are capable of breaking the public-key cryptography currently used to secure digital systems around the world.
What’s behind the record‑high number of zero days?
Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity spac
A new secret stash for “fileless” malware
In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system.
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
Container and cloud-based resources are being abused to deploy disruptive tools. The use of compromised infrastructure has far-reaching consequences for organizations who may unwittingly be participating in hostile activity against Russian government, military and civilian targets.
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
In reference to line #1309, at the first DNS request, the “local_id” variable is initialized with the value of the transaction ID of the last DNS request (“last_id”). Line #1320 is the actual core of the vulnerability: “local_id” is updated by incrementing its old value by 1.
UNC3524: Eye Spy on Your Email
Since December 2019, Mandiant has observed advanced threat actors increase their investment in tools to facilitate bulk email collection from victim environments, especially as it relates to their support of suspected espionage objectives.
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
While AvosLocker has been documented for its abuse of AnyDesk for lateral movement as its preferred application, we note that other remote access applications can also be abused to replace it.
China Orders Government, State Firms to Dump Foreign PCs
China has ordered central government agencies and state-backed corporations to replace foreign-branded personal computers with domestic alternatives within two years, marking one of Beijing’s most aggressive efforts so far to eradicate key overseas technology from within its most sensitive organs.
Someone Turned Their Imaginary Friend Into an AI Microwave and It Wanted to Kill Them
Someone used AI to bring their imaginary childhood friend – a microwave – to life but things took a serious turn when the kitchen appliance tried to kill its creator.
This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researches.
GitHub will require all code contributors to use two-factor authentication
GitHub, the code hosting platform used by tens of millions of software developers around the world, announced today that all users who upload code to the site will need to enable one or more forms of two-factor authentication (2FA) by the end of 2023 in order to continue using the platform.
Robert ‘RazerGuy’ Krakoff, RIP
Robert Krakoff, arguably the father of the gaming mouse, has died aged 81. Although he didn’t invent the concept, “RazerGuy” did as much as anyone to popularize it. Krakoff was working at a company called Karna which developed a mouse specifically aimed at gaming.
Microsoft 3D Movie Maker
Released in 1995, this is the original source code to the Microsoft 3D Movie Maker project, now released under the MIT license as open source. This project is unlikely to build successfully under modern hardware/software, but you can get started with compilation and get partial completed binaries.
Call of Duty’s anti-cheat system is now preventing cheaters from seeing opponents in-game
As part of its ongoing war against cheaters, the team behind Call of Duty’s server-side and kernel-level anti-cheat solution has announced it’s implemented a new mitigation technique, known as Cloaking, that will prevent cheaters from seeing opponents during a match.
Netflix is still pushing Netflix Games in the wake of subscriber losses
Netflix has announced that yet another game has been added to the Netflix Games catalog, despite the service hemorrhaging subscribers.
Strange New Worlds’ Showrunner on Why Now Was the Time to Return to Classic Trek
Star Trek: Strange New Worlds makes a lot out of its return to a formula that has worked for generations of Star Trek shows, hewing more towards an episodic structure than its serialized siblings in the current crop of Trek series.