Discover and read the best of Twitter Threads about #unc11994
Most recents (1)
๐จA Tough Outlook for Home Page Attacks
๐fireeye.com/blog/threat-reโฆ
Blog has #APT33 ๐ฎ๐ท, #APT34 ๐ฎ๐ท, and #UNC1194 ๐ด๓ ต๓ ณ๓ ฏ๓ จ๓ ฟ๐ home page persistence & RCE.
๐We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
๐ฑCool TTPs (pictured) #GuardrailsOfTheGalaxy
๐fireeye.com/blog/threat-reโฆ
Blog has #APT33 ๐ฎ๐ท, #APT34 ๐ฎ๐ท, and #UNC1194 ๐ด๓ ต๓ ณ๓ ฏ๓ จ๓ ฟ๐ home page persistence & RCE.
๐We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
๐ฑCool TTPs (pictured) #GuardrailsOfTheGalaxy
Here is the #UNC1194 first stage (recon) payload stored in an attacker-controlled @Azure storage blob:
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
This was a fun one to write with McWhirt & @doughsec. We ended up with 3 registry settings to enforce with Group Policy for CVE-2017-11774 Outlook hardening:
fireeye.com/blog/threat-reโฆ
Final step is to enforce GPO reprocessing.
fireeye.com/blog/threat-reโฆ
Final step is to enforce GPO reprocessing.
