Structured Threat Information eXpression (STIX) is a way to organize digital information so entities, such as businesses and government agencies, can easily understand and share actionable information regarding cybersecurity attacks, such as information regarding threat actors.
In part II of this three-part series, we dive deeper into hands-on examples of identifying usage of named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal are dynamic and static analysis.
Microsoft Windows Interprocess Communications (IPC)
In this three-part blog series, we will discuss the mechanics of Windows pipes and how they can be abused by attackers to gain privileged access.
Threat models are often used by security champions to discover flaws in application environments. Many threat models are built through a defensive lens, foregoing realistic attack patterns that reflect adversarial goals vs. simply using a limited, non-mutable threat category.
N-Day Vulnerabilities and Exploits
VerSprite’s Research team uncovers a silently patched information leak within Win32k in Windows 10 v1709 to v1903. Exploitation of this vulnerability allows attackers to leak the value of win32kbase!gahDpiDepDefaultGuiFonts. Read the N-Day vulnerability and exploit analysis here.
Transport Layer Security (TLS)
Even if your organization is running a backend web service that doesn’t support HTTPS, there are still options to use HTTPS, such as using Let’s Encrypt and Nginx. Transport Layer Security (TLS) is very important (even if you are behind a firewall and have IP whitelisting) to protect your website from malicious code injections.
Many organizations are operating in a grey area, both ethically and legally, in terms of how they are managing consumer data. What data is being collected and stored? Data privacy is more than compliance – businesses should consider marketing benefits associated with handling data in a confidential manner.
Exploitation of Vulnerabilities
During adversarial attack simulations, credential harvesting through phishing is often performed using cloned websites. A cloned website works by copying the front-end (such as the Gmail login page) and hosting it on a domain designed to mimic the real domain.
Many sources estimate a 78% increase in supply chain attacks. Learn about the top issues related to supply chain cybersecurity threats and discover how geopolitical risk and cybersecurity converge in the supply chain space.
Copyright 2019 VerSprite - All Rights Reserved