. An impressive nightmare. Here’s the network from the write up about the .

welivesecurity.com/2023/03/01/

#blacklotus #Bootkit

Last updated 2 years ago

Opalsec :verified: · @Opalsec
169 followers · 79 posts · Server infosec.exchange

Last week's reporting gave a great insight into the level of innovation going on in the cyber crime ecosystem - C2 over MQTT, cryters delivering payloads over SQL connections, and UEFI bootkits that bypass Window's Secure Boot! We've pulled it all together, just for you:

opalsec.substack.com/p/soc-gou

The BlackLotus has been upgraded to exploit a vulnerability in Microsoft's Secure Boot Mechanism, allowing it to persist on fully patched Windows 11 systems. This is enabled in no small part by the failure to update the UEFI revocation list, which allowed the bootkit author to simply load and exploit the vulnerable UEFI components on target systems.

Australia's cyber security laws were "bloody useless" in helping mitigate the Optus and Medibank breaches of 2022, according to the government's Home Affairs Minister. A new "national cyber office", reforms to Critical Infrastructure security laws, and a new Cyber Security Act are all on the table for discussion.

zScaler analysts have picked up on the Snip3 crypter, a Crypter-as-a-Sevice offering which uses multiple obfuscated stages; an AMSI Bypass, and SQL queries to circumvent security controls.

Sysdig share insights from a sophisticated -centric campaign; ESET have uncovered a new backdoor used by China's Mustang Panda () which implements C2 over MQTT, and Team Cymru have again picked apart 's infrastructure to identify key TTPs.

Some interesting supply chain vulnerabilities this week, with bugs found in the ZK web app framework and Trusted Platform Module (TPM) having the potential to affect an untold number of applications and devices.

members will get a kick out of DroppedConnection - a PoC that mimics Cisco AnyConnect VPN to siphon credentials and serve up malware to unwitting victims.

The can look forward to some tips for GCP DFIR, bypassing malware geo-fencing, and tracking cyber criminal infrastructure.

Catch all this and much more in this week's newsletter:

opalsec.substack.com/p/soc-gou

#Bootkit #aws #apt27 #icedid #redteam #blueteam #infosec #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #criticalinfrastructure #breach #privacy #australia #crypter

Last updated 2 years ago

Vidmo :donor: :mastodon: · @VidmoOreda
648 followers · 2919 posts · Server infosec.exchange
securityaffairs · @securityaffairs
459 followers · 402 posts · Server infosec.exchange
Ringzer0 · @ringzer0
165 followers · 217 posts · Server infosec.exchange

👢 Ready for a bootcamp? Join the “Practical Firmware Implants and Bootkits” by Mickey Shkatov (@HackingThings) and Jesse Michael, and create your own to boot!

🎟️ ringzer0.training/trainings/pr

#firmare #implants #virtualtraining #Bootkit

Last updated 2 years ago