Offensive Security - Security Intelligence

You just got vectored – Using Vectored Exception Handlers (VEH) for defense evasion and process injection

10 min read - Vectored Exception Handlers (VEH) have received a lot of attention from the offensive security industry in recent years, but VEH has been used in malware for well over a decade now. VEH provides developers with an easy way to catch…

August 8, 2024

IoT exploitation during security engagements

9 min read - During two separate security engagements, I discovered command injection vulnerabilities in two embedded devices. Discovering each vulnerability had its unique challenges. One is a classic command injection vulnerability while the other details a “blind” command injection vulnerability, which provides an…

June 6, 2024

X-Force discovers new vulnerabilities in smart treadmill

7 min read - IBM X-Force Red researchers discovered four vulnerabilities in Precor's internet-connected treadmill. Explore the findings.

May 6, 2024

Evolving red teaming for AI environments

2 min read - As AI becomes more ingrained in businesses and daily life, the importance of security grows more paramount. In fact, according to the IBM Institute for Business Value, 96% of executives say adopting generative AI (GenAI) makes a security breach likely…

October 24, 2023

AI vs. human deceit: Unravelling the new age of phishing tactics

7 min read - Attackers seem to innovate nearly as fast as technology develops. Day by day, both technology and threats surge forward. Now, as we enter the AI era, machines not only mimic human behavior but also permeate nearly every facet of our…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

When the absence of noise becomes signal: Defensive considerations for Lazarus FudModule

7 min read - In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Containers, security and risks within containerized environments

4 min read - Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…

How to keep your secrets safe: A password primer

5 min read - There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don't know it yet. Criminals are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise data is more likely to be stored on the cloud rather than on prem. Using sophisticated cloud scanning software, criminals can breach an enterprise system within…

How to keep your secrets safe: A password primer

5 min read - There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don’t know it yet. Criminals are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust…

How to compromise a modern-day network

8 min read - An insidious issue has been slowly growing under the noses of IT admins and security professionals for the past twenty years. As companies evolved to meet the technological demands of the early 2000s, they became increasingly dependent on vulnerable technology…

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why…

Security Intelligence

{{title}}

{{title}}

{{title}}

Topics

You just got vectored – Using Vectored Exception Handlers (VEH) for defense evasion and process injection

IoT exploitation during security engagements

X-Force discovers new vulnerabilities in smart treadmill

Evolving red teaming for AI environments

AI vs. human deceit: Unravelling the new age of phishing tactics

X-Force identifies vulnerability in IoT platform

When the absence of noise becomes signal: Defensive considerations for Lazarus FudModule

Containers, security and risks within containerized environments

How to keep your secrets safe: A password primer

How to keep your secrets safe: A password primer

How an attacker can achieve persistence in Google Cloud Platform (GCP) with Cloud Shell

How to compromise a modern-day network

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

{{{title}}}

Topic updates