Hey all, the recommended hunts for potential exploitation of CVE-2023-3519 involve searching for webshell-like files that are newer than the last patch of the system.

That's cool, and you should do it, but also be aware that timestomping is a very common technique used by attackers targeting *Nix systems with 0-days.

A more considered approach to hunting webshells may be valuable, such as entropy analysis within web-facing directories. And of course log analysis for abnormal commands post-exploitation.

#ThreatIntel #CVE20233519

MITRE ATT&CK vulnerability spotlight: Timestomping | Infosec Resources

Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway | Assetnote
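
A minimal sketch of the entropy hunt suggested in the post, paired with a timestomping lead that does not trust mtime alone. This is an added example, not code from the post's author or from the linked articles; the extension list, the entropy threshold and the one-day ctime gap are assumed values to tune against a known-good baseline.

```python
import math
import os
from collections import Counter

# Assumed values for illustration; tune them against a known-good baseline.
SCRIPT_EXTS = {".php", ".pl", ".py", ".sh", ".cgi"}
ENTROPY_THRESHOLD = 5.5      # bits per byte
CTIME_GAP_SECONDS = 86400    # mtime more than a day older than ctime
MAX_BYTES = 1 << 20          # read at most 1 MiB per file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(root, entropy_threshold=ENTROPY_THRESHOLD, ctime_gap=CTIME_GAP_SECONDS):
    """Return [(path, entropy, reasons)] for script files worth a closer look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable or vanished file; skip it
            reasons = []
            entropy = shannon_entropy(data)
            if entropy >= entropy_threshold:
                reasons.append("high-entropy")
            # utime()/touch can set mtime, but ctime is set by the kernel,
            # so an mtime far older than ctime is a timestomping lead.
            if st.st_ctime - st.st_mtime > ctime_gap:
                reasons.append("mtime-predates-ctime")
            if reasons:
                findings.append((path, round(entropy, 2), reasons))
    return findings


if __name__ == "__main__":
    import sys
    for path, entropy, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{entropy:5.2f}  {','.join(reasons):32}  {path}")
```

Archive extraction, permission changes and package installs also leave mtime older than ctime, so both flags are leads to triage against a baseline rather than verdicts.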