Category: SANS Full Feed

In September, Cisco published an advisory noting two vulnerabilities [1]: CVE-2024-20439: Cisco Smart Licensing Utility Static Credential Vulnerability CVE-2024-20440: Cisco Smart Licensing Utility Information Disclosure Vulnerability These two vulnerabilities are somewhat connected. The first one is one of the many backdoors Cisco likes to equip its products with. A simple fixed password that can be…

Read More

One of my hunting rules triggered some suspicious Python code, and, diving deeper, I found an interesting example of DLL side-loading. This technique involves placing a malicious DLL with the same name and export structure as a legitimate DLL in a location the application checks first, causing the application to load the malicious DLL instead of…

Read More

I wanted to figure out how to statically decode the GUID encoded shellcode Xavier wrote about in his diary entry “Shellcode Encoded in UUIDs“. Here is the complete Python script: I use re-search.py to select the GUIDs: I then decode the hexadecimal data with my tool hex-to-bin.py. Option -H is needed to ignore all non-hexadecimal…

Read More

Last October, Forescout published a report disclosing several vulnerabilities in DrayTek routers. According to Forescount, about 700,000 devices were exposed to these vulnerabilities [1]. At the time, DrayTek released firmware updates for affected routers [2]. Forescout also noted that multiple APTs targeting devices.  Interestingly, Forescout’s report used the URL “/cgi-bin/malfunction.cgi”, a URL returning a 404 status…

Read More