This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents.
Archive
Real World Cryptography Conference 2022
The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks ago. It remains the best venue for highlights of cryptographic constructions and attacks for the real world. While the conference was fully remote last year, this year it was a 3-day hybrid event, live-streamed from a conference center in charming … Continue reading Real World Cryptography Conference 2022
Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
As one of the proud contributors to the newest version of the CIS Google Cloud Platform Foundation Benchmark, I wanted to raise awareness about the new version release of this benchmark [1] by the Center for Internet Security (CIS) and how it can help a company to set a strong security baseline or foundation for … Continue reading Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
“Customer Interaction Tracker” is one of the telemetry systems that exist within Windows, responsible for tracking interaction with the system and applications. We provide an overview and means to parse as a data source to aid forensic investigations.
Public Report – Google Enterprise API Security Assessment
During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. This assessment was also performed with reference to the Common Criteria Protection Profile for Mobile Device Fundamentals (PPMDF), from which the … Continue reading Public Report – Google Enterprise API Security Assessment
Conti-nuation: methods and techniques observed in operations post the leaks
This post describes the methods and techniques we observed during recent incidents that took place after the Coni data leaks.
Whitepaper – Double Fetch Vulnerabilities in C and C++
Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they can appear in multiple forms and can have varying outcomes. As much of this information is spread across various sources, this whitepaper draws the knowledge together into a single place, in order to better describe the different … Continue reading Whitepaper – Double Fetch Vulnerabilities in C and C++
Mining data from Cobalt Strike beacons
Since we published about identifying Cobalt Strike Team Servers in the wild just over three years ago, we’ve collected over 128,000 beacons from over 24,000 active Team Servers. Today, RIFT is making this extensive beacon dataset publicly available in combination with the open-source release of dissect.cobaltstrike, our Python library for studying and parsing Cobalt Strike … Continue reading Mining data from Cobalt Strike beacons
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.
Tool Release – ScoutSuite 5.11.0
We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! The most significant improvements and features added include: CoreImproved CLI options, test coverage and some dependenciesAWSAdded new findings for multiple servicesBug fixesAdded ARNs for all resourcesAzureAdded new findingsBug fixesGCPNew ruleset for GCP CIS version 1.1Added support … Continue reading Tool Release – ScoutSuite 5.11.0