
CVE-2022-30190
Here is a video in English and Japanese covering the Follina vulnerability and the PoC presented by John Hammond on YouTube. All the links and the write-up are included in the YouTube description. Enjoy! Continue reading CVE-2022-30190
Pulling the PoC from GitHub, compiling, and running it on Linux to get instant privilege escalation. Continue reading Five Hacking Tips – PWNKIT
This time we cover BloodHound and AD enumeration, escalation and taking full control. Continue reading Five Hacking Tips
Cybersecurity is NOT GRC is NOT Cybersecurity. Continue reading Five Hacking Tips – GRC is NOT Cybersecurity
We often get caught up in the daily shuffle and forget the basics. Attack surface analysis is one of those cyberdefense leadership basics that just does not get the attention it deserves. Let’s be very basic to start, so we … Continue reading Attack Surface Analysis
Summary: Over the past month I have been incrementally experimenting with C2 and file transfer to a rogue authoritative DNS server. DNSlivery does the job of downloading a stager to grab the larger dnscat2.exe file, but we found that McAfee readily detected the dnscat2 executable while MS Defender did not detect the malicious tool. In this write-up I will walk you through the setup and operation of DNSlivery, then how to use this tool to stealthily download a simple staging script that in turn downloads the larger dnscat2.exe executable. DNSlivery: To get started, understand the requirements: You need a domain name that you control … Continue reading Are You Sinking DNS?
When implementing a new security technology or process, such as a data leakage prevention (DLP) solution, or trying to get a patch management program started, we immediately see additional human resource requirements in medium- or large-sized organizations. Here are the main reasons why, and how to overcome the human resource requirement and workflow challenges. Continue reading Event Management Workflow
One of the things that we see when responding to security events is that each event is unique, which makes it interesting. There are silos, for example within DLP we have egress unencrypted email attachment as one silo, then have egress unencrypted one’s own personal information, egress encrypted potentially secret, egress unencrypted secret, and maybe one or two others. Below is a chart for the Private Information Domain when performing data leakage prevention measures and analyzing data coming in but only one domain. There are others related to egress of company secret IP and other types of information that should be encrypted via email. Continue reading Timely, Consistent, and Accurate Event Handling
The balance in handling incidents comes in at the analysis phase, where you start out looking for anything, but even parts of this phase involve procedures – ensuring that triage is complete, that the required level of system isolation or sandboxing is set up, that backup copies are preserved, and other details. Everything up to that phase, where events are raised, reviewed, and escalated or closed, requires a consistent approach, because inconsistent handling during the event handling phase could break down the whole basis for reporting the incident in the first place. Incidents require resources to review, analyze, report, and close, and most of those resources are not expected to handle incidents full-time. Continue reading Consistent Event Management
The argument on this subject consistently goes both ways. On one hand we have the machine learning and artificial intelligence technologists who would argue against human intervention. On the other hand, there are professionals who argue that when machines handle event analysis alone, too many false positives come forward (that is poor filtering, actually), or too many false negatives may consistently go undetected. The operative word in that last sentence is “consistently”. Consistency is where a machine outperforms its human counterpart, but the range of event types is rather vast. Eventually, you could map out a massive logic flow, but the more difficult challenge would be to keep such a workflow updated for changing technology, processes, people, and attack vectors. Continue reading Human Intervention In Event Analysis