We recently assessed the security posture of Electronic Arts Origin Client and discovered a privilege escalation issue that would allow a low privilege attacker to elevate privileges to NT AUTHORTY\SYSTEM. This has been [...]
The OpenConnect VPN client, on all supported platforms, suffered from a possible information leak that could result in an attacker with elevated local privileges obtaining plaintext credentials. This VPN security vulnerability has now [...]
Avecto Defendpoint is an endpoint protection product which, according to the Avecto website, will: “Prevent breaches without hindering productivity. Avecto combines best-in-class privilege management and application control, making admin rights removal simple and [...]
Nettitude’s red team engagements are typically designed to be as highly targeted and as stealthy as possible. For the command and control (C2) infrastructure, this means layering several techniques. We hide all of [...]
We’ve recently been conducting some reverse engineering and vulnerability analysis on an Anti Virus (AV) product and wanted to attach Rohitab API Monitor to one of the AV’s running processes so that I [...]
In the last few days, Nettitude’s threat intelligence platform has picked up a mass phishing campaign – involving the distribution over nearly two million individual emails – targeting HMRC customers. The attackers attempt [...]
Overview Two years after first gaining notoriety, the Pony Botnet remains very active. The malware is primarily targeted at the theft of user credentials from applications such as web browsers and email applications, [...]
At Nettitude we collect a large amount of malware binary samples, both from our Honeypot network, from our customers and from incident response. One of the first steps we take is to calculate [...]
Hooking can be used by legitimate software for reverse engineering, for example, to examine the user mode function calls that a malicious program is making. It can also be used by a malicious [...]
In a previous blog post I gave a high level overview of DLL injection, what it is used for and how it might be achieved. More than one method exists to get our [...]