IResponse to IEncrypt (Ophir Harpaz, 2019-04-05)
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Introducing Guardicore Cyber Threat Intelligence (Daniel Goldberg, 2019-03-26)
Guardicore Labs is announcing the release of Cyber Threat Intelligence (CTI), a freely available resource to assist security teams in identifying and investigating malicious IP addresses and domains. Our Cyber Threat Intelligence is designed to allow security teams to keep track of potential threats that are specific to data center and cloud infrastructure.
Highlights of BlueHat Israel 2019 (Daniel Goldberg, 2019-02-12)
BlueHat Israel featured many interesting talks, covering supply chain attacks, processor flaws and more.
A vulnerability in Debian’s apt allows for easy lateral movement in data centers (Daniel Goldberg, 2019-01-23)
Guardicore Labs explains the recent vulnerability in the apt package management tool that allows attackers to exploit the software installation process to attack Linux servers.
Bread and butter attacks (Daniel Goldberg, 2018-11-29)
Guardicore Labs has uncovered an SSH brute force attack that has stayed under the radar for years. The attack deploys a RAT with DDoS capabilities and a cryptocurrency miner. In this post, we describe the attack, payload and different preventive steps.
What's New in Infection Monkey Release 1.6 (Daniel Goldberg, 2018-11-21)
We are proud to announce the release of a new version of the Infection Monkey, GuardiCore’s open-source Breach and Attack Simulation (BAS) tool. Release 1.6 introduces several new features and a few bug fixes.
With libSSH, Authentication is Optional (Daniel Goldberg, 2018-10-18)
A critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.
Operation Prowli: Monetizing 40,000 Victim Machines (Daniel Goldberg, 2018-06-06)
Guardicore Labs has uncovered a previously unknown operation named Prowli, focused on cryptocurrency mining and traffic hijacking. This operation showcases how attackers abuse insecure websites and their visitors by redirecting them to malicious domains.
Azure passwords are still at risk; Infection Monkey can help (Ravit Greitser, 2018-04-04)
As this security flaw still exists and puts Azure environments at risk, we believe it’s important to continuously verify whether your environment is vulnerable. To do that we integrated Azure password harvesting capabilities into the Infection Monkey.
Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s (Daniel Goldberg, 2018-03-19)
While researching the Azure Guest Agent, we’ve uncovered several security issues which have all been reported to Microsoft. This post will focus on a security design flaw in the VM Access plugin that may enable a cross platform attack impacting every machine type provided by Azure.