Soooo ... that integrity checker tool that Ivanti wants customers to use to detect compromise? It doesn't scan more than a dozen directories including /data, /etc, /tmp, and /var. As a test of what was possible, @n0x08 installed the Sliver C2 tool in /data and ran the integrity checker tool and it passed. Patched Ivanti VPNs could very well still be compromised even if the integrity checker tool gave them an all-clear.

We also found numerous extremely old software packages, including a Linux kernel that was EOL in 2020 (CentOS 6.4). Yikes!

https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/

#ivanti #connectsecure #connectaround
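The coverage gap described in the post above, as an added example that is not part of the original thread and is not Ivanti or Eclypsium tooling: a Python script that walks a mounted copy of an appliance filesystem and lists executable content under directories the integrity checker does not scan. Only the four directories the post names are used; the function names, the mount-point argument and the sample tree are assumptions constructed for the example.

```python
import hashlib
import os
import stat
import tempfile

# Assumption: only the four directories named in the post; its full list is not given.
UNSCANNED_DIRS = ("data", "etc", "tmp", "var")

def looks_executable(path):
    """True for regular files that are ELF, start with a shebang, or carry an exec bit."""
    try:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            return False
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return False
    return head == b"\x7fELF" or head[:2] == b"#!" or bool(st.st_mode & 0o111)

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_unscanned_executables(image_root, unscanned=UNSCANNED_DIRS):
    """Return sorted (relative_path, sha256) pairs for executables in unscanned dirs."""
    hits = []
    for top in unscanned:
        base = os.path.join(image_root, top)
        for dirpath, _dirs, files in os.walk(base):  # does not follow symlinked dirs
            for name in files:
                full = os.path.join(dirpath, name)
                if looks_executable(full):
                    hits.append((os.path.relpath(full, image_root), sha256_of(full)))
    return sorted(hits)

def build_sample_image():
    # Constructed sample tree standing in for a mounted appliance image.
    root = tempfile.mkdtemp()
    samples = {"data/runtime/agent": b"\x7fELF" + b"\x00" * 12,
               "etc/hosts": b"127.0.0.1 localhost\n", "bin/busybox": b"\x7fELF" + b"\x00" * 12}
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for rel, digest in find_unscanned_executables(build_sample_image()):
        print(digest, rel)
```

The resulting path and hash list is a starting point for review against a known-good image; it does not replace the vendor tool's checks on the directories that tool does cover.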

@tsupasat there is no way they published an "integrity checker tool". Is this satire?
@ret2bed Yes, they did. We’re laughing through our tears aren’t we?
@tsupasat not sure if I'd call it laughing or gasping for air