What is PrintNightmare?
PrintNightmare (CVE-2021-34527) is a recently discovered vulnerability affecting the Microsoft Windows Print Spooler service. After obtaining initial access, threat actors can use it for Remote Code Execution (RCE), running arbitrary code with SYSTEM-level privileges on any device that has the Print Spooler service enabled. The vulnerability allows attackers to load a DLL into […]
A hunting query to identify post-exploitation activities
Customized Detection Strategy (DeStra) to detect future exploitation attempts
On the 11th of March, Microsoft reported an active exploitation campaign of several zero-day vulnerabilities affecting on-premise versions of Microsoft Exchange Servers, allegedly from a state-sponsored adversary, HAFNIUM. The attack starts by exploiting vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and […]
During an analysis of different remote desktop trojans, we came across an interesting attack chain that leverages an RTF document exploiting CVE-2017-8759 to deliver DarkVNC, a malicious version of the well-known VNC, designed to silently remote-control a victim.