We're still discovering further ramifications of #Ivanti's #PulseSecure vulnerabilities (#CVE_2023_46805 & #CVE_2024_21887). In February, we identified two new backdoors: #SparkCockpit & #SparkTar. Both backdoors employ selective interception of TLS communication, offer multiple degrees of persistence and access possibilities into the victim network (e.g., traffic tunneling through SOCKS proxy).
👀 Analysis & detection rules at https://blog.nviso.eu/2024/03/01/covert-tls-n-day-backdoors-sparkcockpit-sparktar/
The findings of our investigation have been independently corroborated by the research performed by Mandiant and have partially been observed by Fortinet.
#threatintel #forensics #reverseengineering
1.3.2024 14:51