Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 2 and Aug. 9. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you’re probably screwed. A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Researchers have uncovered some potentially serious SQLite vulnerabilities and they have demonstrated their findings by hacking an iPhone and a command and control (C&C) server used by malware. read more…
The final post in FireEye’s three-part series on Windows 10 memory forensics. This last part looks at how to automate the extraction of undocumented structures from deep within memory using the tools introduced in the earlier parts.
Check out the FireEye presentations at BlackHat and DefCon.
Read the second part of this series from FireEye looking into memory forensics in Windows 10. This ties in with their presentation at this year’s BlackHat USA 2019 in Las Vegas.
Sophos reports that Microsoft are making good on their promise to kill off everyone’s favourite scripting language, VBScript.
On August 2nd Microsoft pushed the ‘off-button’ on Window 8 / 8.1 devices.
You can still use it if you are that perverted, but you need to do some serious GPO fiddling.
Check out their report.
AttackSurfaceMapper is an OSINT reconnaissance tool for use in the initial stages of a penetration test. I suppose it could also be used by internal teams to monitor an organisation’s digital footprint and attack surface for changes over time.
This version requires python3 and has just been released on Github.
The latest version of Scapy, a python-based PCAP packet manipulation tool, has been released on Aug 07.
Scapy enables scanning, fingerprinting, sniffing and packet forging. Scapy required python and runs on pretty much any platform that support python. The documentation is rich and details and covers all the major features.
Check out the installation page for detail about the latest releases and any known bugs.
Download and installation details can be found here.