CTI_June2024: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

SOURCE: MS-ISAC
TLP:CLEAR
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER: 2024-074
DATE(S) ISSUED: 06/25/2024
SUBJECT: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged …

THREAT EMULATION: Introduction

This entry is part 4 of 5 in the series Red Team Engagements

Purpose of Threat Emulation

Threat emulation is meant to assist security teams and organisations, in general, in better understanding their security posture and their defence mechanisms and performing due diligence in their compliance. These questions are addressed through cyber security assessments, mainly red team engagements, vulnerability assessments and penetration tests. Vulnerability assessments are …

Decoding

Most commonly used text encoding methods: Base64

Identifying Base64: base64 encoded strings are easily spotted since they only contain alpha-numeric characters. However, the most distinctive feature of base64 is its padding using = characters. The length of base64 encoded strings has to be a multiple of 4. If the resulting output is only 3 characters long, for example, an extra = is …

Code Obfuscation and Deobfuscation

IR_002
This entry is part 12 of 13 in the series Incident Response and Forensics

Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is usually achieved automatically by using an obfuscation tool, which takes code as an input, and attempts to re-write …

Remote Monitoring and Management software used in phishing attacks

RMM software used in phishing attacks

Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, is invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive …