What Are Bad Bots? A bot (also called an internet bot, web bot, or WWW bot, among other similar terms) is technically a program or piece of software that is designed to perform relatively... The post How to Prevent...
tl;dr: In this write-up I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to run arbitrary executables. During a recent assessment I found a new way to...
Windows Subsystem for Linux Plan 9 Protocol Research Overview This is the final blog in the McAfee research series trilogy... The post Hunting for Blues – the WSL Plan 9 Protocol BSOD appeared...
The NCSC report highlights the cyber threats faced by the sports sector and suggests how to stop or lessen their impact on organisations.
The McAfee Advanced Threat Research team today published the McAfee® Labs COVID-19 Threats Report, July 2020. In this “Special Edition”... The post McAfee COVID-19 Report Reveals Pandemic Threat...
After the SigRed (CVE-2020-1350) write-up was published by Check Point, there was enough detailed information for the smart people, like Hector and others of the Twitterverse (careful with the...
When conducting a red team exercise, we want to blend in as much as possible with the existing systems on the target network. For most large networks, that means looking like a Windows machine...
Welcome back to part 2.2 of this series! If you have not yet checked out part 1 or part 2.1, please do so first as they highlight important reconnaissance steps as well as the first half of the...
QBot is a modular information stealer, also known as Qakbot or Pinkslipbot. It has been active since 2007. It has historically been known as a banking Trojan, meaning that it steals...
A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope of its security mitigation strategy for Huawei.
Welcome back to part 2 of this series! If you have not checked out part 1 yet, please do so first, as it highlights important reconnaissance steps! So let us dive right into the IDA adventure to...
I recently tested an Internet-facing anti-spam product called SpamTitan Gateway. As you could infer from the product's name, this platform's purpose is to detect spam and/or other malicious...
Recently, we came across some firmware samples from D-Link routers that we were unable to unpack properly. Luckily, we got our hands on an older, cheaper but similar device (DIR882) that we could...
Intro For the longest time I had the idea to implement a notification system that would alert me if someone ever logged in (or tried to log in) to an SSH server or XSession on a machine I...
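The SSH half of the notification idea described above, as an added example that is not code from the original post: it parses the `Accepted`/`Failed` lines that OpenSSH writes to `auth.log` (or to the journal), raises one alert per successful login, and raises a brute-force alert once an IP crosses a failure threshold. The log lines below are constructed for the example, the `fail_threshold` value is an assumed default, and delivery (mail, webhook, push) is left to the caller; the XSession side is not covered.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines in the format OpenSSH writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Jul 20 10:01:12 host sshd[2311]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:abc
Jul 20 10:02:40 host sshd[2320]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Jul 20 10:02:44 host sshd[2320]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Jul 20 10:02:49 host sshd[2320]: Failed password for root from 203.0.113.9 port 40030 ssh2
Jul 20 10:05:01 host CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 20 10:06:13 host sshd[2450]: Accepted password for bob from 198.51.100.7 port 33001 ssh2
"""

# Matches both successful and failed sshd authentication lines; "invalid user"
# is an optional prefix sshd adds when the account does not exist.
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


@dataclass
class SshEvent:
    ts: str
    result: str   # "Accepted" or "Failed"
    method: str   # publickey / password / keyboard-interactive
    user: str
    ip: str
    port: int


def parse_ssh_events(log_text: str) -> List[SshEvent]:
    """Extract sshd authentication events; unrelated lines (cron, sudo, ...) are skipped."""
    events: List[SshEvent] = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            events.append(SshEvent(m["ts"], m["result"], m["method"],
                                   m["user"], m["ip"], int(m["port"])))
    return events


def build_alerts(events: List[SshEvent], fail_threshold: int = 3) -> List[str]:
    """One alert per successful login, plus one alert per source IP that
    reaches fail_threshold failed attempts (assumed default: 3)."""
    alerts: List[str] = []
    failures: Dict[str, int] = {}
    for e in events:
        if e.result == "Accepted":
            alerts.append(f"LOGIN {e.user} from {e.ip} via {e.method} at {e.ts}")
        else:
            failures[e.ip] = failures.get(e.ip, 0) + 1
            # Fire exactly once when the threshold is crossed, not on every later failure.
            if failures[e.ip] == fail_threshold:
                alerts.append(f"BRUTEFORCE {e.ip}: {fail_threshold} failed attempts "
                              f"(last user {e.user!r}) at {e.ts}")
    return alerts


if __name__ == "__main__":
    # Pipe real log text in (e.g. `journalctl -u ssh --no-pager | python3 this.py`),
    # otherwise run against the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AUTH_LOG
    for alert in build_alerts(parse_ssh_events(text)):
        print(alert)
```

For a live alert rather than a batch run, feed the parser from `journalctl -f -u ssh` (or `tail -F /var/log/auth.log`) and call a notifier for each returned string; sshd only logs `Accepted` after authentication has fully succeeded, so a `LOGIN` alert is a reliable signal, while the failure counter should be keyed per source IP as above so that one noisy scanner does not suppress or flood alerts for others.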
Note: This is a re-upload of an old write-up.This is another write-up from an interesting little challenge. The original forum post about it can be found here. To get your hands on the challenge...
Note: Re-write/Re-upload due to dead links. This write-up contains my thoughts and steps to statically analyze a given unknown binary. I want to understand the binary to a point where I can freely write...
Note: Re-upload due to dead links :) Yo! Life kept me more than busy, but now I've got a little more time on my hands. I decided to do a write up on the following binary, because it taught me some...
In part 1 of this series, we set up the NanoPi R1S as a USB attack tool, covering OS installation, installation of P4wnP1, and even keylogging a “passed through” keyboard. In this part, I am going...
Introduction
I was recently on a mobile assessment where you could only register one profile on the app, per device. To use another account you had to first deactivate the profile and then register a new one....
While working on DoubleAgent as part of the Introduction To Red Teaming course we’re developing for RingZer0, I had a look at Anti-Malware Scan Interface (AMSI) bypasses. One of the objectives I...
Exposed session token in Honeywell ControlEdge PLC and RTU.
Unencrypted password transmission on the network in Honeywell ControlEdge PLC and RTU.
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting... The post Ripple20...
SmokeLoader is a well-known bot that has been around since 2011. It is mainly used to drop other malware families. SmokeLoader has been under development and is constantly changing, with multiple...
On 2020-06-19, research was reported involving gaining initial access via a software misconfiguration, resulting in a responsible disclosure.
In 2019, McAfee Advanced Threat Research (ATR) disclosed a vulnerability in a product called BoxLock. Sometime after this, the CEO... The post My Adventures Hacking the iParcelBox appeared first...
Package delivery is just one of those things we take for granted these days. This is especially true in the... The post What’s in the Box? Part II: Hacking the iParcelBox appeared first on McAfee Blog.
According to Kaspersky ICS CERT data, a number of industrial companies are currently experiencing targeted attacks involving the file-encrypting Snake ransomware.
Kaspersky ICS CERT has identified a series of attacks targeting, among others, organizations in various industrial sectors. Victims include suppliers of equipment and software for industrial enterprises.