Archives des CERT

Addressing Forensic Challenges in Ivanti Pulse Secure Environments with Automated AES Key Recovery

par Equipe CERT | Mar 14, 2024 | Actualités, Engineering, Recherche et Développement, CERT

On January 10, 2024, Ivanti issued a warning regarding two high-severity zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-218871) in Ivanti Connect Secure VPN. These vulnerabilities allow for authentication bypass and command injection within the web components...

Aki-RATs – Command and Control Party

par Equipe CERT | Nov 28, 2023 | Non classifié(e), CERT

Context During the first half of 2023, CERT Intrinsec handled several incidents involving Akira ransomware group. Companies detected ransomware’s presence, either by reacting to alerts triggered by their security solutions, or, in worst case, by encountering...

Vice Society spreads its own ransomware

par Equipe CTI | Fév 14, 2023 | CERT, Cyber Threat Intelligence

Vice Society is a financially motivated organization encompassing operators and opportunistic intrusion sets known for intrusion, exfiltration and extorsion against a large sample of victims since June 2021. The operator(s) of these alleged intrusion sets offer(s) an...

ProxyNotShell – OWASSRF – Merry Xchange

par Equipe CERT | Jan 16, 2023 | Avis de vulnérabilité, CERT, Cyber Threat Intelligence

Context By the end of 2022, CERT Intrinsec dealt with the newly discovered bypass of ProxyNotShell named OWASSRF. This article details the modus operandi of a threat actor that exploited this vulnerability. On day one, the attackers leveraged vulnerable Exchange...

APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis

par Equipe CERT | Oct 18, 2022 | CERT, Cyber Threat Intelligence

Context During 2022, a company discovered that one of their equipments was communicating with a known command and control server. As a result, the company decided to contact CERT Intrinsec in order to get help to handle the security breach and manage the crisis. CERT...

Hunting attackers using Microsoft Protection Logs (MPLogs)!

par Equipe CERT | Sep 22, 2022 | CERT, Cyber Threat Intelligence, SOC Sécurité Opérationnelle

This article shares a method & tool developped by Intrinsec to reconstruct attack path using Microsoft Protection logs. Enjoy reading & hunting ! During incident response, CERT Intrinsec performs investigation so as to find indicators of compromise and...

Addressing Forensic Challenges in Ivanti Pulse Secure Environments with Automated AES Key Recovery

Aki-RATs – Command and Control Party

Vice Society spreads its own ransomware

ProxyNotShell – OWASSRF – Merry Xchange

APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis

Hunting attackers using Microsoft Protection Logs (MPLogs)!

Search

Recent Posts

Archives

Categories