Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.
The Nansh0u Campaign - Hackers Arsenal Grows Stronger (Ophir Harpaz, published 2019-05-29 04:35:23, updated 2019-08-08 04:27:59)
With libSSH, Authentication is Optional (Daniel Goldberg, published 2018-10-18 02:13:58, updated 2019-07-30 03:23:52)
A critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.
Highlights from Black Hat & DEFCON (Daniel Goldberg, published 2017-08-02 02:54:38, updated 2019-07-30 03:29:40)
I spent the last week at the “Hacker Summer Camp” of Black Hat and DEFCON. Besides meeting people and enjoying the dual craziness of the DEFCON crowd and the Black Hat business hall, we also gave a well-received lecture – Escalating Insider Threats using VMWare’s API. Ofri Ziv, Head of GuardiCore Labs, presented a backdoor we discovered in VMware’s remote administration API, enabling vSphere users to quickly and easily take over guest machines without providing guest credentials.
Escalating Insider Threats Using VMware's API (Daniel Goldberg, published 2017-07-27 12:24:57, updated 2019-07-30 03:30:20)
VMware vSphere is the most widely used virtualization platform for on-premises data centers. Like other virtualization platforms, it relies on host servers running guest machines. These hosts and guest machines can be managed using administration interfaces such as vSphere API and VIX API. The GuardiCore Labs team has discovered a vulnerability in the vSphere infrastructure that can be exploited using VMware’s Virtual Infrastructure eXtension (VIX) API. This vulnerability allows an attacker to remotely execute code on guest machines, bypassing the need for guest authentication.
Guardicore Labs to Disclose Vulnerability in VMware vSphere at Black Hat USA 2017: From vSphere User to Guest Remote Code Execution (Dave Burton, published 2017-07-19 05:35:40)
Session to Address Vulnerability That May Allow a vSphere User to Take Over Data Center Guest Machines
San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center and cloud security, today announced it would unveil a significant vulnerability affecting all recent VMware vSphere versions, including 6.5, 6.0 and 5.5, and provide mitigation at the upcoming Black Hat USA 2017.
Best 8 Hacking Tools from This Years Black Hat Conference (Dave Burton, published 2016-08-04 16:34:05, updated 2019-11-21 04:17:44)
Here are 8 absolute badass hacking tools which were demoed in this year’s Black Hat Conference. Hackers and security researchers are pulling out all the stops yet again, using Black Hat as a platform to explain, release and/or promote a ton of great tools for pen testers and security operations experts. Here are some of the highlights and tools that are being or will be demoed during the course of the conference which will end on 4th August.
8 Bad Ass Tools Coming Out Of Black Hat (Dave Burton, published 2016-07-30 09:15:08, updated 2019-11-21 04:17:21)
Inspired by Netflix’s Chaos Monkey project, Infection Monkey is a data center pentest tool designed to spin up infected virtual machines within random parts of the data center to test for potential blind spots in the overall network security chain and help teams bolster their data center security resilience.
Yup, We Can See It Coming (Sharon Besser, published 2015-12-23 07:54:18, updated 2019-02-25 10:54:35)
On December 17th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues: a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic, and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There is speculation that the backdoor was installed by “State Sponsored” actors. Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for Government efficiency hiding their actions.)