Executive Summary This article demonstrates how attackers can chain Orange Tsai's CVE-2024-4577 with DNS rebinding to achieve remote code execution on internal network infrastructure directly through the victim’s web browser. By bypassing Same-Origin Policy (SOP) and exploiting vulnerable PHP-CGI instances running on local XAMPP servers, internal development
While chilling in a voice chat, one of my friends suggested we play Chained Together. If you haven’t tried it, it’s a game on Steam where all players are literally chained together, and you have to climb up without dragging each other down. Sounds simple, right? Yeah… not
As always, while surfing X (formerly Twitter), I came across an interesting tweet from vx-underground that immediately caught my attention: "Shoutout to the homies at IObit Malware Fighter. Their IMFForceDelete driver is so wildly vulnerable, and poorly written, you can have their driver arbitrarily delete any file on the
During a ransomware incident response, I noticed a file with a strange name that was retrieved by the team. Upon inspection, it turned out to be a driver. This raised the question "what does a driver have to do with a ransomware incident response?" To understand this, I
The retrieved binary is a 32-bit Windows executable that contains BlackCat Ransomware, BlackCat, also known as Noberus or ALPHV, is a sophisticated ransomware family programmed in Rust and deployed as part of Ransomware as a Service (RaaS) operations on Windows, The ransomware can be configured to encrypt files using either
The first file is a 32-bit Windows executable that contains a Cobalt Strike Beacon, This executable file uses two local thread storages to conceal its main functionality, evade detection, and make its code more complex and difficult to analyze, also the file contains a malicious implant known as a Cobalt