Archive for the ‘Windows Security’ Category

PlugX Malware Sneaks Onto Windows PCs Through USB Devices

PlugX malware has been around for almost a decade and has been used by multiple Chinese-nexus actors and several other cybercrime groups. The Palo Alto Networks Unit 42 incident response team has discovered a new PlugX variant that is distributed via removable USB devices and targets Windows PCs. This should not […]

Windows event log analysis and incident response guide

Microsoft Log Parser Toolkit: A Complete Toolkit for Microsoft’s Undocumented Log Analysis Tool
Windows Security Monitoring: Scenarios and Patterns
Malware Forensics Field Guide for Windows Systems

Windows 11 is getting ReFS support

Recent Windows 11 Insider builds include support for ReFS, the Resilient File System. The file system is currently available only in Windows Server operating systems, not in client systems. According to Microsoft, ReFS is designed to “maximize data availability, scale efficiently to large data sets across diverse workloads, and provide data integrity with resiliency to corruption”. […]

Microsoft Exchange Vulnerabilities Most Exploited by Hackers Targeting Financial Sector

During the month of November, researchers at the cybersecurity firm LookingGlass examined the most significant vulnerabilities in the United States financial services industry. The company looked at public internet-facing assets across more than 7 million IP addresses in the industry and discovered that a seven-year-old remote code execution vulnerability affecting Microsoft Windows […]

Windows event log analysis

Windows Security Monitoring: Scenarios and Patterns
Malware Forensics Field Guide for Windows Systems

Active Directory Exploitation Cheat Sheet

https://ethicalhackersacademy.com/blogs/ethical-hackers-academy/active-directory

Active Directory is a Microsoft service running on Windows Server that is predominantly used to manage permissions and resources across the network; it also authenticates and authorizes all users and computers in Windows domain networks. Recent cyber-attacks frequently target vulnerable Active Directory services in enterprise networks, where organizations handle thousands […]

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.

by Steven Vaughan-Nichols

For longer than some of you have been alive, I’ve been preaching the gospel of using more secure desktop operating systems. You see, Windows has […]

Windows Code-Execution Vulnerability Let Attackers Run Malicious Code Without Authentication

Researchers have recently discovered a Windows vulnerability, tracked as CVE-2022-37958, whose code-execution potential rivals EternalBlue. By exploiting it, an attacker can execute malicious code without authentication. The vulnerability can be exploited in a wormable way, which can lead to a chain reaction […]

Microsoft revised CVE-2022-37958 severity due to its broader scope

Microsoft revised the severity rating for the CVE-2022-37958 flaw, which was addressed with the Patch Tuesday security updates for September 2022. The IT giant now rates it as “critical” because it discovered that threat actors can exploit the bug to achieve remote code execution. CVE-2022-37958 was originally classified […]

95.6% of New Malware in 2022 Targeted Windows

Malware attacks are a growing problem in our increasingly digital world. By infiltrating computers and networks, malicious software can cause serious harm to those affected by it. One of the most common types of malware is ransomware (encryption-based malware), which prevents users from accessing their files until they pay a hefty fee to the cyber […]

ATTACKING ACTIVE DIRECTORY WITH LINUX

Mastering Active Directory: Design, deploy, and protect Active Directory Domain Services for Windows Server 2022

An Unofficial Patch Has Been Released for Actively Exploited Windows MoTW Zero-Day

0patch has released an unofficial patch for a zero-day flaw in Microsoft Windows that allows bypassing the Mark-of-the-Web (MotW) protections built into the operating system and is currently being actively exploited. By using files signed with malformed signatures, this zero-day flaw is able to bypass MotW protections. Various legacy Windows versions as […]

3 types of attack paths in Microsoft Active Directory environments

Attack path types

From the perspective of a defender, there are three types of attack paths:
1. ones that can be fixed in minutes;
2. ones that take days or weeks to resolve; and
3. ones that can’t be fixed without significant structural changes or breaking critical software.

Here’s some background to help understand why they break down […]

Windows Event Log Analysis

Trace and Log Analysis: A Pattern Reference for Diagnostics and Anomaly Detection

Experts warn of a new stealthy loader tracked as BLISTER

Security researchers spotted a campaign that is employing a new stealthy malware tracked as BLISTER that targets Windows systems. Elastic Security researchers uncovered a malware campaign that leverages new malware and a stealthy loader tracked as BLISTER, which uses a valid code signing certificate issued by Sectigo to evade detection. BLISTER loads second-stage payloads […]

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Microsoft released an alert on two Active Directory vulnerabilities, fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to take over Windows domains. The flaws, tracked as CVE-2021-42287 and CVE-2021-42278, can be chained to impersonate domain controllers and gain administrative privileges on Active Directory. Microsoft is now warning […]

‘OMIGOD’ Azure Critical Bugfix? Do It Yourself—Because Microsoft Won’t

Using OMI on Microsoft Azure? Drop everything and patch this critical vulnerability, snappily named OMIGOD. But wait! You probably don’t know whether you’re using OMI or not. Y’see, Open Management Infrastructure (OMI) is often silently installed on Azure—as a prerequisite. And, to make matters worse, Microsoft hasn’t rolled out the patch for you—despite publishing the code a month ago. So much for […]

Windows zero-day MSHTML attack

Details are scarce so far, but Microsoft is warning Office users about a bug that’s dubbed CVE-2021-40444, and described as Microsoft MSHTML Remote Code Execution Vulnerability. The bug doesn’t have a patch yet, so it’s what’s known as a zero-day, shorthand for “the Good Guys were zero days ahead of the Bad Guys with a patch for […]

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash devices via DoS attacks. The issues […]

Windows 11 Security Scare—MS Nixes Fixes on Older PCs

Windows 11 won’t auto-update on slightly old PCs. It appears this includes security updates—although Microsoft PR is doing its usual trick of ghosting reporters who ask. This sounds like a terrible idea: A fleet of unpatched Windows 11 PCs connected to the internet? That’s a recipe for disaster. Stand by for Redmond to walk this one back in an embarrassing climbdown. In […]