HackDig : Dig high-quality web security articles for hackers

Security Advisories for Ivanti DSM Suite

From the end of 2019 on, we reported two critical vulnerabilities in the Ivanti DSM Suite to the vendor. The following CVE IDs were assigned to the issues (but note that they have a status of RESERVED, i.e. titles and descriptions may change in the future): CVE-2020-12441: Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 CVE-2020-13
Publish At:2020-06-24 07:58 | Read:57 | Comments:0 | Tags:Misc

ERNW SecTools, Active Directory Security and the Corona Pandemic

SARS-CoV-2 and Covid-19 have changed a lot in our daily lives and challenge us all from different perspectives, such as health, economic and social ones. We also believe that life will change permanently in the future due to the Corona pandemic; it will affect the way we work, the way we meet in the business world and how we will prepare for these kinds of cris
Publish At:2020-03-30 14:08 | Read:287 | Comments:0 | Tags:Misc

Dog Whisperer Update

With the current situation, it’s not easy to find the right angle to start this blog post, so I won’t even try… but with Troopers cancelled, my Bloodhound workshop went down the drain, and I didn’t get a chance to meet or catch up with all of you and share my latest BloodHound adventures. So I decided to write a quick post to share al
Publish At:2020-03-26 11:29 | Read:294 | Comments:0 | Tags:Misc Active Directory BloodHound

VMware NSX-T Distributed Firewall can be bypassed by default

We recently came across an issue when playing around with VMware NSX-T which not everyone may be aware of when getting started with it. Because many of our customers are starting to transition to NSX-T, we want to share it with you. In short, the Distributed Firewall (DFW) of NSX-T can be easily bypassed in the default configuration because it only works eff
Publish At:2020-03-23 03:50 | Read:519 | Comments:0 | Tags:Misc Bypass Distributed Firewall NSX-T SwitchGuard VMware

Windows Insight: The Windows Telemetry ETW Monitor

The Windows Insight repository now hosts the Windows Telemetry ETW Monitor framework. The framework monitors and reports on Windows Telemetry ETW (Event Tracing for Windows) activities – ETW activities for providing data to Windows Telemetry. It consists of two components: the Windbg Framework: a set of scripts for monitoring Windows Telemetry ETW act
Publish At:2020-01-14 12:20 | Read:486 | Comments:0 | Tags:Misc Windows

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers and DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You are going to find out in our training! We are going to start with the basics of Docker, Containers and DevO
Publish At:2019-12-02 05:15 | Read:1275 | Comments:0 | Tags:Misc DevOps Docker K8 kubernetes TROOPERS TROOPERS20

Windows Insight: Code integrity and WDAC

The Windows Insight repository now hosts three articles on Windows code integrity and WDAC (Windows Defender Application Control): Device Guard Image Integrity: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips): In this work, we present the high-level architecture of the code integrity mechanism implemented as part of Windows 10. Windows Defen
Publish At:2019-11-12 00:15 | Read:907 | Comments:0 | Tags:Misc Windows

Dissection of an Incident – Part 2

After our last blog post regarding Emotet and several other Emotet and ransomware samples that we encountered, we recently stumbled across a variant belonging to the Gozi/ISFB/Dreambot/Ursnif family. In this blog post, we want to share our insights from the analysis of this malware, whose malware family is mainly known for being a banking trojan
Publish At:2019-11-12 00:15 | Read:1046 | Comments:0 | Tags:Misc forensics incident incident analysis malware

Medical Device Security Summit 2019, 19 November 2019

*This event will be held in German* Inspired by the successful round-table discussions at the TROOPERS conference, we are pleased to present the Medical Device Security Summit 2019, another event in a series on trending topics in IT security. The event starts in the morning with an opening talk by
Publish At:2019-10-09 12:15 | Read:947 | Comments:0 | Tags:Misc

Emotet at Heise, Emotet there, Emotet everywhere – Dissection of an Incident

After the Emotet incident at Heise, where ERNW was consulted for incident response, we decided to start a blog post series in which we want to regularly report on current attacks that we observe. In particular, we want to provide details about the pieces of malware used, the different stages, and the techniques used for the initial infection and lateral move
Publish At:2019-09-19 17:15 | Read:853 | Comments:0 | Tags:Misc emotet heise incident incident analysis malware

LibreOffice – A Python Interpreter (code execution vulnerability CVE-2019-9848)

While waiting for a download to complete, I stumbled across an interesting blog post. The author describes a flaw in LibreOffice that allowed an attacker to execute code. Since this was quite recent, I was interested in whether my version was vulnerable to this attack and how they fixed it. Thus, I looked at the sources and luckily it was fixed. What I didn’t know bef
Publish At:2019-09-19 17:15 | Read:652 | Comments:0 | Tags:Misc LibreOffice vulnerability Vulnerability

A Follow-Up on the Heisec Webinar on Emotet & Some Active Directory Security Sources

Some weeks ago, Heinrich and I had the pleasure of participating in the heisec webinar “Emotet bei Heise – Lernen aus unseren Fehlern”. We really enjoyed the webinar and the (alas, due to the format, too short) discussions, and we hope we could contribute to understanding how to make the Active Directory implementations out there a bit safer in the f
Publish At:2019-09-19 17:15 | Read:662 | Comments:0 | Tags:Misc Active Directory emotet heise incident

PSD2 – Mandatory Account Access for Third Party Providers

On September 14th the final deadline for complying with the new Payment Services Directive (PSD2) will be reached. Among other things, this directive brings quite a few technical challenges for credit institutions. These include new requirements on two-factor authentication and API access for third parties. In this blog post we will give a short overview of
Publish At:2019-09-19 17:15 | Read:887 | Comments:0 | Tags:Misc banking finance web

Georg Lukas: Multi-window Mutt with Screen

As a long-time Mutt user I always looked with envy at you Thunderbird and Kmail and what-not fans, as you could spawn new windows for reading and writing e-mails with a mere click (or sometimes a double-click). It was just too bothersome to have $EDITOR block my inbox until I finish writing or give up and postpone the mail, losing track. As I am using Screen
Publish At:2014-08-10 17:26 | Read:4870 | Comments:0 | Tags:misc net
