RSM Defense Intelligence has observed some claims and reports of a Universal Serial Bus (USB) thumb drive or commonly called flash drive being used as single detonation bombs. One such example was in Ecuador. The device was mailed to a journalist and Ecuadorian television presenter, which resulted in the USB being utilized as an explosive after being plugged into the USB ... READ MORE
Blog
Managed Vs. Federated Office 365: What’s the Difference?
When considering the methods of attack an organization should defend itself, what comes to mind? Certainly, you should defend yourself against the most devastating forms of attack. That missing patch that leads to full domain compromise? Take care of that immediately. That password policy that means everyone uses “1234”? Should probably look at that too. What about the most ... READ MORE
Intel Insights – VMWare ESXi and ESXiArgs Ransomware
RSM Defense Intelligence has observed open-source reporting, as well as notifications from CISA(JCSA_AA23-039A), which indicates that malicious actors are exploiting known vulnerabilities in VMware ESXi software to gain access to servers and deploy ESXiArgs ransomware. Vulnerabilities utilized by the malicious actors include CVE-2021-21974 (CVSS 8.8), CVE-2020-3992 (CVSS 9.8), ... READ MORE
How to Perform OGNL Injection
While we frequently discuss SQL injection and command injection, OGNL injection receives a lot less attention. What is OGNL? OGNL stands for “Object Graph Navigation Language,” which is written through Java and is used in the Apache Struts2 framework for web applications. Struts2 was originally created to build “enterprise ready web applications” and was known for being able ... READ MORE
Intel Insights – ChatGPT: Good Angel or Bad Robot?
Since the roll out of Open AI’s publicly accessible ChatGPT (Generative Pre-training Transformer) on November 30, 2022, ChatGPT has been subject to widespread attention both in the Clearnet and “DarkWeb”. ChatGPT is based on the GPT architecture and was first released in 2019. Since then, it has undergone several updates and major changes. The GPT model was trained on a ... READ MORE
Intel Insights – Emotet recommences email spam operations after five-month break
RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and files names, masquerading ... READ MORE
Back To Basics: NTLM Relay
Despite being a veteran protocol, New Technology Lan Manager (NTLM) remains one of the most common authentication protocols used in Windows environments. Even though Kerberos offers enhanced security features over NTLM, many systems and functions still depend on NTLM, making it impossible for most organizations to move away from it entirely. Unfortunately, there are a number ... READ MORE
Back to Basics: Brute Forcing Techniques
During an attack, a threat actor can often enumerate leverageable information through open-source intelligence (OSINT) gathering techniques. This can include information on users that are present on the target environment, such as usernames and email addresses. Often, a threat actor can use this information to craft a targeted list of users to facilitate a variety of attack ... READ MORE
2022 Attack Vectors Report
For many years, RSM has made a continuous effort to assist organizations in addressing cybersecurity challenges, provide tools to achieve a desired state of security, and deliver guidance for attack prevention. We perform security penetration testing to simulate attacks on internal networks and closely mimic security breaches within controlled environments. By conducting these ... READ MORE
Back to Basics: Kerberoasting
Welcome back to our "Back to Basics" series, where we provide you with an overview of the bread and butter pentesting techniques that we regularly see compromise networks. In this week's installment, we're looking at Kerberoasting. Kerberoasting is a method to capture hashed passwords using the Kerberos network authentication protocol. This protocol protects network services ... READ MORE