Blogs

Phishing Attacks Today: DRIDEX and URSNIF Are Back
On the morning of December 12th, 2018, the CRITICALSTART CYBERSOC began seeing the resurgence of a prolific phishing campaign. This campaign included malware variants such as DRIDEX and URSNIF, both common banking Trojans used in macro-based attacks. These files are observed hiding within macro-enabled documents or are downloaded after the macro code executes, at which point the host is directed to reach out to a C2 domain.

A Commitment to Getting It Right: Palo Alto Networks’ Expedition Migration Tool
Background:
During a recent penetration test for a client, I came across a tool called MigrationTool from Palo Alto Networks. The tool was littered with issues, including the unauthenticated disclosure of passwords, hashes, versions, and more.

Supporting Our Family: In Memory of Ricki Bateman
Today being the National Day of Giving, we come together to celebrate the gift of generosity and contribution. For CRITICALSTART, the day takes on special significance this year as we rally to support a member of our own family.

PRTG Network Monitor Privilege Escalation
Background:

Defending Layer 8

Security awareness training is broken.

Unauthenticated Command Injection Vulnerability in VMware NSX SD-WAN by VeloCloud
Exploits for network devices including routers, switches, and firewalls have been around for as long as networking has been a thing. It seems like every week a researcher discloses a new vulnerability or publishes proof of concept (PoC) code online for these types of devices, and that is exactly what is happening in this article.

Fall of Sudo – A Pwnage Collection
Introduction
Finding Linux servers heavily reliant on Sudo rules for daily management tasks is a common occurrence. While not necessarily bad, Sudo rules can quickly become security’s worst nightmare. Before discussing the security implications, let’s first discuss what Sudo is.
Defining Sudo

Finding Enterprise Credentials in Data Breaches

In the age of the breach, it’s a safe assumption that almost every public accou

Spectre and Meltdown: Why No One Should Implicitly Trust Hardware

Everyone should be wary of downloading, installing, or running unknown scripts