MITRE ATT&CK. Source: attack.mitre.org

Summary

This blog discusses a Linux reflective code loading technique newly added in the MITRE ATT&CK framework v10 update. Our research team contributed this technique to the MITRE ATT&CK organizers to help improve the industry standard.

Reflective code loading allows threat actors to execute file-based malware without touching the disk! We…

Image: https://www.bleepingcomputer.com/

Background

Recently, a few vulnerabilities in Azure (named: OMIGOD) were discovered by Wiz’s research team:

These vulnerabilities exist in the ubiquitous software…

A container wide open. source: technadu.com

Introduction

The simplicity and flexibility of microservice architecture have led to increasing adoption of containers and Kubernetes in the cloud. According to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022.

As the adoption increases, threat actors are evolving their toolsets to compromise…

Photo: https://meterpreter.org/

A heap overflow vulnerability in sudo was recently discovered (CVE-2021-3156, named: Baron Samedit). By exploiting this vulnerability, any unprivileged user can use the default sudo configuration to obtain root privileges (no password required) on the vulnerable host.

Interestingly, the sudo privilege escalation vulnerability remained undiscovered for nearly ten years. It…

Rex Guo

Head of Research @ Confluera | Ex-Cisco Acquisition | Ex-Intel Security | @Xiaofei_REX
