
CrazyHunter Ransomware
CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.

If you have been looking for useful resources for cyber threat hunting, we've got you covered. We have put together 4 videos that will help you become a better threat hunter in no time! Join Austin Jackson as he tackles some of the biggest vulnerabilities and techniques that attackers use, looking at how they work, what they do, and how you can better defend your organization!
https://www.youtube.com/watch?v=ONd0ERCUy0k&t=1s
What cyber threat hunting list would be complete without something on SUNBURST? The SUNBURST implant was part of the SolarWinds supply chain attack. This attack rocked the security industry and is the largest attack on the US government in years! Once active, the implant would download a secondary Cobalt Strike payload. While the full details will likely remain classified, we take a look at the implant to see what else we could learn.
https://www.youtube.com/watch?v=1j6q4HJDjc8
A vulnerability that anyone in cyber threat hunting should know is CVE-2019-10149. This vulnerability affects Exim, one of the most common mail servers on the Internet. It could allow an attacker to perform remote code execution (RCE) on the server as root. We look at how the vulnerability works and what the impact is on organizations.
https://www.youtube.com/watch?v=UHcS_8nLr74
No cyber threat hunting repertoire is complete without knowledge of application shimming. This is a technique (T1546.011) often used for persistence and privilege escalation. One of the most infamous adversaries to use this technique is FIN7. They used it in their Pillowmint malware, which targets point-of-sale systems. Austin dives into this to explore how the technique works. Definitely something everyone in cyber threat hunting should know!
https://www.youtube.com/watch?v=zriV225C5AA
If ever there was a truism in cyber threat hunting, it would be that Apache Struts is being targeted, and 2020 was no exception to that rule. Austin takes a hard look at CVE-2020-17530, which affects Apache Struts versions 2.0.0 through 2.5.25. Austin also developed a proof of concept for those in cyber threat hunting to explore how to exploit it.
The one rule for those in the field of threat hunting is to never stop learning! Cyborg Security continues to put out content aimed at hunters in our Cyborg Labs blogs! If you want to dive into more threat hunting content, check out our latest threat hunting how-to. In it we explore methods for hunting for persistence in the registry.