Discover and read the best of Twitter Threads about #UNC11994

🔨 A Tough Outlook for Home Page Attacks
🔗 fireeye.com/blog/threat-re…
Blog has #APT33 🇮🇷, #APT34 🇮🇷, and #UNC1194 🏴󠁵󠁳󠁯󠁨󠁿😉 home page persistence & RCE.
🔒 We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
😱 Cool TTPs (pictured) #GuardrailsOfTheGalaxy UNC1194 macros and CVE-2017...Domain guardrail, Azure sto...
Here is the #UNC1194 first stage (recon) payload stored in an attacker-controlled @Azure storage blob:
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
This was a fun one to write with McWhirt & @doughsec. We ended up with 3 registry settings to enforce with Group Policy for CVE-2017-11774 Outlook hardening:
fireeye.com/blog/threat-re…
Final step is to enforce GPO reprocessing.