Christiaan Beek

146 Followers
59 Following
7 Posts
Saved by His Grace • sr dir Threat Analytics
@rapid7
Low & slow BBQ • opinions are my own • Speaker
Christiaan Beek on LinkedIn: Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability |…

Rapid7 incident response consultants have identified a method to determine what was exfiltrated from compromised MOVEit customer environments: please read the…

Latest research where we use @velocidex to hunt for DLL injection files abused by actors: https://www.rapid7.com/blog/post/2023/02/09/evasion-techniques-uncovered-an-analysis-of-apt-methods/ #plugx
Evasion Techniques Uncovered: An Analysis of APT Methods | Rapid7 Blog

In this piece, we look at DLL search order hijacking and DLL sideloading, which are commonly used by nation state sponsored attackers to evade detection.

Rapid7
CVE-2022-47966 | AttackerKB

Description: CVE-2022-47966 is an unauthenticated remote code execution vulnerability that affects two dozen Zoho ManageEngine products, including ADSelfServ…

AttackerKB
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE https://www.rapid7.com/blog/post/2022/12/21/cve-2022-41080-cve-2022-41082-rapid7-observed-exploitation-of-owassrf-in-exchange-for-rce/
CVE-2022-41080, CVE-2022-41082: Rapid7 Observed Exploitation of `OWASSRF` in Exchange for RCE | Rapid7 Blog

Beginning December 20, 2022, Rapid7 has responded to an increase in the number of Microsoft Exchange server compromises. Further investigation aligned these attacks to what CrowdStrike is reporting as “OWASSRF”.

Rapid7

Advisory of #CVE_2022_42475 (FortiOS SSL-VPN RCE) updated with additional IPs of the threat actor exploiting it:
139.180.184[.]197
66.42.91[.]32
158.247.221[.]101
107.148.27[.]117
139.180.128[.]142
155.138.224[.]122
185.174.136[.]20

https://www.fortiguard.com/psirt/FG-IR-22-398

Fortiguard
FortiGuard
Experiment with R and ray tracing of latest James Webb image