Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. We publish our cyber security research and provide analysis, insights and response methodologies to the latest cyber threats as well as lead and participate in academic research. We are also the core maintainers of the Infection Monkey, a popular open-source network resiliency test tool.

attack feature cover

Test Your ATT&CK Before the Attack With Guardicore Infection Monkey

The Monkey now maps its actions to the MITRE ATT&CK knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.

READ MORE

April 28, 2020

What’s a 10? Pwning vCenter with
CVE-2020-3952

JJ Lehmann, Ofri Ziv
11 Comments
/
Guardicore Labs provides a full, detailed technical analysis of the latest vulnerability from VMware - CVE-2020-3952. The bug, which hit the maximal score of CVSS 10.0, allows a malicious actor to take over the complete vSphere infrastructure, with all its machines and servers.
Read more

The Vollgar Campaign: MS-SQL Servers Under Attack

Ophir Harpaz
2 Comments
/
Guardicore Labs uncovers an attack campaign that’s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.
Read more

January 2020’s Patch Tuesday

Daniel Goldberg, Yoni Rozenshein
1 Comment
/
Guardicore Labs extracts what you need to know regarding the January 2020 Patch Tuesday and data centers.
Read more
Guardicore - Infection Monkey

TEST YOUR NETWORK WITH OUR OPEN SOURCE ATTACK SIMULATION TOOL

Assess the resiliency of your network to post-breach attacks and lateral movement

LEARN MORE

Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore Labs Team
Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.
Read more

Iran Cyber Threats and Defenses

Daniel Goldberg
Guardicore Labs explains the danger and current status of online Iranian attacks
Read more

Windows Server 2008 R2 and Windows 7 are End of Life

Daniel Goldberg
Discover the steps to harden machines running Windows 7, Windows Server 2008 and Windows Server 2008 R2 against the inevitable unpatched vulnerability that will be disclosed for these systems.
Read more
Guardicore Infection Monkey for Zero Trust

Guardicore Infection Monkey for Zero Trust

Shay Nehmad
Guardicore Labs releases new Zero Trust features to the Infection Monkey to help organizations assess their zero trust security posture quickly and easily.
Read more
Guardicore Labs uncovers the scope of the Smominru mining botnet.

The Massive Propagation of the Smominru Botnet

Ophir Harpaz, Daniel Goldberg
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Read more
Nansh0u

The Nansh0u Campaign - Hackers Arsenal Grows Stronger

Ophir Harpaz, Daniel Goldberg
6 Comments
/
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Read more
Guardicore Labs Patch Tuesday

May 2019’s Patch Tuesday: Must-Knows for Every Data Center

Daniel Goldberg, Ophir Harpaz
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Read more

IResponse to IEncrypt

Ophir Harpaz, Danielle Kuznets
3 Comments
/
Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
Read more
Guardicore - Introducing Guardicore Cyber Threat Intelligence

Introducing Guardicore Cyber Threat Intelligence

Daniel Goldberg, Ravit Greitser
1 Comment
/
Guardicore Labs is announcing the release of Cyber Threat Intelligence (CTI), a freely available resource to assist security teams in identifying and investigating malicious IP addresses and domains. Our Cyber Threat Intelligence is designed to allow security teams to keep track of potential threats that are specific to data center and cloud infrastructure.
Read more

Highlights of BlueHat Israel 2019

Daniel Goldberg
BlueHat Israel covered many interesting talks, covering supply chain attacks, processor flaws and many more.
Read more

A vulnerability in Debian’s apt allows for easy lateral movement in data centers

Daniel Goldberg
Guardicore Labs explains the recent vulnerability in the apt package management tool that allows attackers to exploit software installation process to attack Linux servers.
Read more

Bread and butter attacks

Daniel Goldberg, Ofri Ziv
2 Comments
/
Guardicore Labs has uncovered an SSH brute force attack that has stayed under the radar for years. The attack deploys a RAT with DDoS capabilities and a cryptocurrency miner. In this post, we describe the attack, payload and different preventive steps.
Read more
Guardicore - What's New in Infection Monkey Release 1.6

What's New in Infection Monkey Release 1.6

Daniel Goldberg, Ravit Greitser
We are proud to announce the release of a new version of the Infection Monkey, GuardiCore’s open-source Breach and Attack Simulation (BAS) tool. Release 1.6 introduces several new features and a few bug fixes.
Read more
Guardicore - With libSSH, Authentication is Optional

With libSSH, Authentication is Optional

Daniel Goldberg, Ofri Ziv
1 Comment
/
A critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.
Read more
Guardicore - Operation Prowli: Monetizing 40,000 Victim Machines

Operation Prowli: Monetizing 40,000 Victim Machines

Daniel Goldberg, Ofri Ziv, Mor Matalon
3 Comments
/
Guardicore Labs has uncovered a previously unknown operation named Prowli, focused on cryptocurrency mining and traffic hijacking. This operation showcases how attackers abuses insecure websites and their visitors by redirecting them to malicious domains.
Read more
Guardicore - Azure passwords are still at risk; Infection Monkey can help

Azure passwords are still at risk; Infection Monkey can help

Ravit Greitser, Ofri Ziv
As this security flaw still exists and puts Azure environments at risk, we believe it’s important to continuously verify whether your environment is vulnerable. To do that we integrated Azure password harvesting capabilities into the Infection Monkey.
Read more
Guardicore - Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s

Recovering Plaintext Passwords from Azure Virtual Machines like It’s the 1990s

Daniel Goldberg, Ofri Ziv
3 Comments
/
While researching the Azure Guest Agent, we’ve uncovered several security issues which have all been reported to Microsoft. This post will focus on a security design flaw in the VM Access plugin that may enable a cross platform attack impacting every machine type provided by Azure.
Read more
Guardicore - The Next Gen Infection Monkey is Here

The Next Gen Infection Monkey is Here

Ravit Greitser
4 Comments
/
We are pleased to announce a new version of our Infection Monkey open source attack simulation tool with several significant enhancements. We first introduced the Infection Monkey in 2016 and have continuously developed and supported it. Part of what we did came from feedback we received from our community so thanks everyone for contributing!
Read more
Guardicore - Something is brewing: A CPU bug risks virtual memory segmentation

Something is brewing: A CPU bug risks virtual memory segmentation

Daniel Goldberg, Ofri Ziv
0 Comments
/
At any given moment, attack and defense are in a cat and mouse game where each side gains a momentary advantage. What we’ve recently seen over the past few months is a situation where defense is playing catch-up with what appears to be a serious hardware bug.
Read more
Guardicore - Beware the Hex-Men

Beware the Hex-Men

Daniel Goldberg, Mor Matalon
6 Comments
/
In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and are mostly targeting servers running database services. By now we were able to identify three attack variants - Hex, Hanako and Taylor - targeting different SQL Servers, each with its own goals, scale and target services. This report covers the attackers’ infrastructure, attack variants and how the victims are used for both profit and further propagation.
Read more