Key findings The online presence of “all_father”, the user advertising PandorahVNC. The capabilities of PandorahVNC and other known threat actors that were observed using it. An infrastructure related to PandorahVNC which is advertised as “anonvnc” and is linked with...
Key findings Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity. This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate...
Key findings How a pivot on the Whois of the C2 domains of Matanbuchus can be leveraged to anticipate future campaigns and wider threats. A seemingly Russia-based Bulletproof hosting service is currently used by impactful intrusion sets leveraging Matanbuchus and...
On January 10, 2024, Ivanti issued a warning regarding two high-severity zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-218871) in Ivanti Connect Secure VPN. These vulnerabilities allow for authentication bypass and command injection within the web components...
ThreeAM ransomware Key findings In this report are presented: Intrinsec’s CTI analysts unveil a new extortion scheme being tested by ThreeAM via X (previously known as Twitter). Bots could have been used to automatically name and shame amongst followers of its...
Cette publication est la partie 1 de 3 dans la série Kerberos OPSECWe are starting a series of articles in which we share a summary of the OPSEC practices to be taken into account on the red team side, and the detection strategies that can be put in place by SOC teams...
Context During the first half of 2023, CERT Intrinsec handled several incidents involving Akira ransomware group. Companies detected ransomware’s presence, either by reacting to alerts triggered by their security solutions, or, in worst case, by encountering...
Introduction du dispositif Cyberscore Alors que nous vivons dans un monde de plus en plus numérisé, la question de la sécurité de nos données personnelles demeure au cœur des préoccupations. Qui n’a pas entendu parler d’une cyberattaque ces dernières années ? C’est...