The Click Heard Around the World
On April 19, 1775, the American Revolutionary War began at Middlesex County in the Province of Massachusetts Bay. While it’s actually hard to define a specific “first shot”, Ralph Waldo Emerson immortalized his view of the event in the “Concord Hymn” which begins with the following familiar stanza: By the rude bridge that arched the […]
North Korean Lazarus APT phishing defense contractors
A new cyber attack campaign launched by North Korean APT Lazarus Group is targeting the military defense industry. Lazarus weaponized two documents related to job opportunities from Lockheed Martin in the spear phishing attack. The discovery was made January 18, 2022. Here’s what you need to know: What might the hackers be looking for? North […]
Log4J Detector Tool
Summary The Log4Shell vulnerability exposed a remote code execution condition in multiple versions of the popular Apache Log4J2 logging library. Disclosure of the vulnerability and patch release were followed shortly by broad exploitation. Attackers reportedly ranged from hobbyists to mature adversaries. Obfuscation of attack traffic and sophisticated weaponization of the exploit soon followed. Companies were […]
Log4j vulnerability: Lessons learned in a week
Introduction In this blog post, Praetorian reflects on customer challenges, successes, and lessons learned from our response to the Log4j industry-wide response. Background On the Friday evening of December 10th, Praetorian research and development teams sprang into action, confirming vulnerable systems or exposed vulnerable endpoints for a large number of organizations. It is our belief […]
Log4j 2.15.0 stills allows for exfiltration of sensitive data
The Apache Software Foundation announced a new vulnerability in Log4j – CVE-2021-45046 – on December 14th. The vulnerability as described states that Log4j 2.15.0 can allow a local Denial of Service attack, but that impacts are limited. However, in our research we have demonstrated that 2.15.0 can still allow for exfiltration of sensitive data in […]
Log4j Update: False Negatives and Additional Recommendations
We had a busy weekend here at Praetorian. Following the initial disclosure of the Log4j (Log4Shell)* vulnerability, we’ve added a capability to identify the issue to our attack surface enumeration tool. As we scanned production environments for the vulnerability over the weekend we’ve learned a lot more about how the issue can actually look in […]
Log4j: It’s worse than you think
On December 9th, 2021, a new 0-day vulnerability in the popular Java logging package log4j v2.x was announced. The vulnerability is particularly unpleasant as exploitation frequently requires only the ability to cause the system to log an attacker controlled string to a vulnerable logging instance. Thus, the routes of exploitation are broad and often require […]
Introducing Snowcat: World’s First Dedicated Security Scanner for Istio
Why Service Meshes Matter Over the last few years, the pace of moving workloads to the cloud has continued to accelerate. Mostly, this has been a boon for innovation, allowing complex monolithic on-prem instances to be broken into microservice architectures, which provide decoupling, agility, and stability. From a development perspective, life has in some ways […]
How to Write and Execute Great Incident Response Playbooks
Introduction Security incidents of any magnitude are bound to happen within any organization, and they should be thoroughly investigated to prevent and protect critical data, resources and services. While it is hard to fully automate the investigation process, we can always introduce scripted plays for common occurrences we might come across – that is where […]
How to Detect and Dump Credentials from the Windows Registry
There are several post-exploitation techniques that an attacker can utilize to gather information and compromise assets. One of these techniques is OS credential dumping, and some relevant areas of interest are the Windows Registry and the LSASS process memory. By obtaining additional credentials, an attacker could look to move laterally in the environment by utilizing […]