AllAboutSecurityNov 23

APT24 erweitert Arsenal: Von Watering-Hole zu Multi-Vektor-Angriffen auf Taiwan

Wie die Google Threat Intelligence Group (GTIG) in einer aktuellen Analyse aufdeckt, setzt die Hackergruppe seit drei Jahren den hochgradig verschleierten Downloader BADAUDIO ein – und hat dabei ihre Taktik von breit gestreuten Watering-Hole-Angriffen auf komplexe Multi-Vektor-Operationen erwei..

https://www.all-about-security.de/apt24-erweitert-arsenal-von-watering-hole-zu-multi-vektor-angriffen-auf-taiwan/

#cybersecurity #cyberattack #APT #APT24 #GoogleThreatIntelligence #hackers #DLLHijacking

Analyse: Wie APT24 komplexe Multi-Vektor-Angriffe plant

Die Analyse zeigt, wie APT24 seine Taktiken verändert. Entdecken Sie die Verwendung von BADAUDIO in modernen Angriffen.

All About Security Das Online-Magazin zu Cybersecurity (Cybersicherheit). Ransomware, Phishing, IT-Sicherheit, Netzwerksicherheit, KI, Threats, DDoS, Identity & Access, Plattformsicherheit
Tarnkappe.infoOct 28
📬 Docker mit Sicherheitslücke CVE-2025-9164: Warum eine manuelle Installation empfehlenswert ist
#Cyberangriffe #ITSicherheit #CVE20259164 #DLLDatei #DLLHijacking #DockerDesktop #DownloadOrdner #Suchpfade #WindowsInstaller https://sc.tarnkappe.info/adb704
Docker mit Sicherheitslücke CVE-2025-9164: Warum eine manuelle Installation empfehlenswert ist

Docker mit Sicherheitslücke. Docker Desktop ist unter Windows bis Version 4.48.0 von einer DLL-Hijacking-Sicherheitslücke betroffen.

TARNKAPPE.INFO
V0lk3n Jun 2, 2024

I published my WriteUp of Analysis box from @hackthebox_eu

👇👇👇

https://v0lk3n.github.io/writeup/HackTheBox/Box/Analysis/HTB-Analysis_WriteUp

I hope that you will like it :)

#HTB #LDAPInjection #DLLHijacking #Windows #Pentest #CyberSecurity #HackTheBox

HTB Analysis - WriteUp

Welcome to my personal blog, here you can find some of my work.

V0lk3n’s Blog
Tedi HeriyantoSep 2, 2023

Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks: https://www.binarydefense.com/resources/blog/demystifying-dll-hijacking-understanding-the-intricate-world-of-dynamic-link-library-attacks/

#dllhijacking

Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks | Binary Defense

[ By: Jonny Johnson, Senior Researcher of Adversarial Techniques and Capabilities at Binary Defense Introduction DLL Hijack-based attacks have been popular within the offensive community for several years. This technique has been used to achieve initial access, persistence, or privilege escalation in several environments. Due to the volume of DLL loads that happen in an […]

Binary Defense
Chris Shields   🛩️ 🏴‍☠️Jan 29, 2023

Great reference for #DLLHijacking that I keep forgetting about: https://hijacklibs.net/

It is a similar concept to https://lolbas-project.github.io and https://gtfobins.github.io/

HijackLibs.net

HijackLibs provides an curated list of DLL Hijacking opportunities: mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.

HijackLibs.net
Tarnkappe.infoNov 10, 2022
📬 StrelaStealer klaut E-Mail-Konten aus Outlook und Thunderbird
#Malware #DLLHijacking #EMailKonten #Infostealer #Outlook #polyglotteDatei #StrelaStealer #Thunderbird https://tarnkappe.info/artikel/malware/strelastealer-klaut-e-mail-konten-aus-outlook-und-thunderbird-259060.html
StrelaStealer klaut E-Mail-Konten aus Outlook und Thunderbird

Und wenn er nach einem Täuschungsmanöver endlich aktiv ist, sammelt StrelaStealer fleißig Zugangsdaten und schickt sie seinem Schöpfer.

Tarnkappe.info
imlordoftheringsNov 6, 2022

I wrote a little script to parse and extend the Sigma rules from hijacklibs dll side loading archive.

Feel free to modify this to include your PySigma tail content so it can work in your SIEM

https://github.com/joshnck/Sigma_Rules/blob/main/scripts/get-hijacklibs-sigma-rules.ps1

#sigma #dllhijacking #blueteam #threathunting #thrunting

Sigma_Rules/get-hijacklibs-sigma-rules.ps1 at main · joshnck/Sigma_Rules

My personal sigma rules. Contribute to joshnck/Sigma_Rules development by creating an account on GitHub.

GitHub
Tarnkappe.infoOct 26, 2022
📬 AnyConnect: Ciscos “sicheres Arbeiten” braucht ein Update
#Hacking #Softwareentwicklung #AnyConnect #CISA #Cisco #DLLHijacking #IPsec #SSL #VPNClient https://tarnkappe.info/artikel/hacking/anyconnect-ciscos-sicheres-arbeiten-braucht-ein-update-258317.html
AnyConnect: Ciscos "sicheres Arbeiten" braucht ein Update

Zwei Schwachstellen in Ciscos AnyConnect sind eigentlich längst geschlossen. Eigentlich muss man dafür aber den Client updaten. Eigentlich.

Tarnkappe.info
ITSEC NewsOct 19, 2020
Overlay Malware Targets Windows Users with a DLL Hijack Twist - Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser softwa... https://threatpost.com/overlay-malware-dll-hijack/160288/ #remoteaccesstrojan #brazilbankmalware #dllhijacking #malware #vivaldi #windows #brazil #hacks #vizom
Overlay Malware Targets Windows Users with a DLL Hijack Twist

Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.

Threatpost - English - Global - threatpost.com
brimstoneApr 22, 2019

I just pocketed: UAC Bypass in System Reset Binary via DLL Hijacking

https://www.activecyber.us/activelabs/uac-bypass-in-system-reset-binary-via-dll-hijacking

#dllhijacking #security #tutorial #windows

UAC Bypass in System Reset Binary via DLL Hijacking

​To continue our journey in the realm of bypassing UAC (see previous work here ), we’ve decided to investigate Windows Server 2019. Please note this blog post is not a UAC primer but if you need...