unSafe.sh - Unsafe
StealC Malware Analysis Part 3
In the first article of the series, we saw how to unpack the first stage pkr_ce1a manually and using...
2024-10-3 19:39:0 | Views: 17
Lexfo's security blog - blog.lexfo.fr
xored
c4
callers
stealc
decoded
StealC Malware Analysis Part 2
Stage 2 information: In the previous article, we retrieved Stage2 (a PE) encrypted and embedded in Sta...
2024-10-3 19:38:0 | Views: 8
Lexfo's security blog - blog.lexfo.fr
jitter
miasm
stage
syncupd
c2
StealC Malware Analysis Part 1
This series of blog posts is aimed at a technical audience interested in reverse engineering and, mo...
2024-10-3 19:37:0 | Views: 16
Lexfo's security blog - blog.lexfo.fr
miasm
jitter
libbase
shellcode
memory
Jupiter X Core Plugin <= 4.7.5 Authentication Bypass (CVE-2024-7781)
Abstract: During a security assessment of a WordPress website, the jupiterx-core plugin was identified...
2024-9-26 17:0:0 | Views: 16
Lexfo's security blog - blog.lexfo.fr
wp
jupiterx
facebook
phpcs
attacker
Jupiter X Core Plugin <= 4.6.5 Remote Code Execution (CVE-2024-7772)
Abstract: During a security assessment of a WordPress website, the jupiterx-core plugin was identified...
2024-9-26 17:0:0 | Views: 41
Lexfo's security blog - blog.lexfo.fr
raven
php
wp
jupiterx
blacklist
Writing a stealer logs parser
Table of contents: Introduction; Context; Expectations; Implementation; Scraping; Grammar; Parsing; Storing and usin...
2024-7-9 00:0:0 | Views: 6
Lexfo's security blog - blog.lexfo.fr
newline
soft
grammar
chrome
seller
CVE-2023-27997 - Forensics short notice for XORtigate
Following the release of the CVE-2023-27997 on our blog and its section "A few notes for blue teamer...
2023-6-14 01:0:0 | Views: 89
Lexfo's security blog - blog.lexfo.fr
remote
27997
salt
dtls
32bit
XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)
During a redteam assessment for one of our clients, we had the opportunity to look into Fortigate SSL...
2023-6-13 22:0:0 | Views: 149
Lexfo's security blog - blog.lexfo.fr
oplus
enspace
memory
compute
keystream
Sshimpanzee
TLDR; sshimpanzee is a fork of openssh server packaged with different network tunnels. It currently p...
2023-3-25 01:0:0 | Views: 32
Lexfo's security blog - blog.lexfo.fr
icmp
tun
payload
fifo
tunnel
Cobalt Strike Investigation - Part 2
The previous article detailed the findings of the Cobalt Strike remote-exec built-in command that al...
2023-3-9 20:0:0 | Views: 124
Lexfo's security blog - blog.lexfo.fr
windows
powershell
evtx
sysmon
usn
Cobalt Strike Investigation Part 1
Introduction; Approach; Findings Summary; Cobalt Strike remote-exec winrm; 4.1. Sysmon Events; 4.2. Findings; 4....
2022-9-20 18:0:0 | Views: 28
blog.lexfo.fr
evtx
windows
alice
powershell
prefetch
Security Advisory - Password Verification Vulnerability in a Huawei Router Product
2022-6-28 08:0:0 | Views: 11
blog.lexfo.fr
Security Advisory - Input Validation Vulnerability in Huawei Printer Products
2022-6-20 08:0:0 | Views: 7
blog.lexfo.fr
Security Advisory - Input Verification Vulnerability in Huawei Printer Products
2022-6-6 08:0:0 | Views: 10
blog.lexfo.fr
Security Advisory - Command Injection Vulnerability in a Huawei Product
2022-6-6 08:0:0 | Views: 17
blog.lexfo.fr
Security Advisory - Input Verification Vulnerability in Huawei Products
2022-6-1 08:0:0 | Views: 10
blog.lexfo.fr
Security Advisory - Out-of-Bounds Write Vulnerability in Some Huawei Products
2022-5-23 08:0:0 | Views: 13
blog.lexfo.fr
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
2022-5-23 08:0:0 | Views: 14
blog.lexfo.fr
Obfuscated obfuscation
Introduction: During a Red Team, we stumbled upon a device running Android. Next to the battery slot,...
2022-4-11 14:0:0 | Views: 13
blog.lexfo.fr
rk
i3
i2
td4
carr
AvosLocker Ransomware Linux Version Analysis
Introduction: Over the last few months, several cyber gangs (BlackCat, Hive, Revil, etc.) have built L...
2022-3-3 01:0:0 | Views: 17
blog.lexfo.fr
ransomware
ecies
encryption
salsa
hl