By Josh Campbell at Cyborg Security
If you have been looking for useful resources for cyber threat hunting, we've got you covered. We have put together four videos that will help you become a better threat hunter in no time! Join Austin Jackson as he tackles some of the biggest vulnerabilities and techniques that attackers use, looking at how they work, what they do, and how you can better defend your organization.
A DEEP DIVE INTO THE SUNBURST BACKDOOR
What cyber threat hunting list wouldn’t be complete without something on SUNBURST?
The SUNBURST implant was part of the SolarWinds supply chain attack. This attack rocked the security industry and is the largest attack on the US government in years! Once active, the implant would download a secondary Cobalt Strike payload. While the full details will likely remain classified, we take a look at the implant to see what else we can learn.
EXIM MAIL TRANSFER AGENT — THE RETURN OF THE WIZARD!
A vulnerability that anyone in cyber threat hunting should know is CVE-2019-10149. This vulnerability affects one of the most common mail servers on the Internet, Exim, and could allow an attacker to perform remote code execution (RCE) on the server as root. We look at how the vulnerability works and what the impact is for organizations.
APPLICATION SHIMMING FOR FUN AND PROFIT!
No cyber threat hunting repertoire is complete without knowledge of application shimming. This is a technique (T1546.011) often used for persistence and privilege escalation. One of the most infamous adversaries to use this technique is FIN7, who used it in their Pillowmint malware that targets point-of-sale systems. Austin dives into this to explore how the technique works. Definitely something everyone in cyber threat hunting should know!
YET ANOTHER APACHE STRUTS VULNERABILITY…
If ever there was a truism in cyber threat hunting, it would be that Apache Struts is being targeted, and 2020 was no exception to that rule. Austin takes a hard look at CVE-2020-17530, affecting Apache Struts versions 2.0.0 through 2.5.25. Austin also developed a proof of concept for those in cyber threat hunting to explore how to exploit it.