Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot скачать в хорошем качестве

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links. The second, a privilege escalation vulnerability in the Windows Streaming Service driver (CVE-2023-29360), allows attackers to gain SYSTEM level privileges on a compromised host. We'll dig into these threats and discuss detection and threat hunting strategies to keep you protected. References: https://thehackernews.com/2024/02/dar... https://www.trendmicro.com/en_us/rese... https://www.bleepingcomputer.com/news... https://big5-sec.github.io/posts/CVE-... SnapAttack Resources: https://app.snapattack.com/collection... - Collection: Water Hydra Exploits Microsoft Defender SmartScreen Zero-Day | Threat SnapShot https://app.snapattack.com/threat/348... - Threat: CVE-2023-36025 - Smartscreen Bypass https://app.snapattack.com/threat/dac... - Threat: CVE-2024-21412 SmartScreen Bypass https://app.snapattack.com/detection/... - Detection: Possible CVE-2023-36025 Exploitation https://app.snapattack.com/detection/... - Detection: Suspicious URL File https://app.snapattack.com/detection/... - Detection: Suspicious WebDav HTTP Request https://app.snapattack.com/detection/... - Detection: Suspicious File Execution From Internet Hosted WebDav Share https://app.snapattack.com/detection/... - Detection: Windows WebDAV User Agent https://app.snapattack.com/detection/... - Detection: Suspicious WebDav Client Execution Via Rundll32.EXE https://app.snapattack.com/collection... - Collection: Microsoft Streaming Service Elevation of Privilege (CVE-2023-29360) | Threat SnapShot https://app.snapattack.com/threat/bec... - Threat: CVE-2023-29360 Windows Streaming Service Privilege Escalation https://app.snapattack.com/detection/... - Detection: Elevated System Shell Spawned https://app.snapattack.com/detection/... - Detection: Possible Winlogon Process Injection https://app.snapattack.com/detection/... - Detection: Win32 OpenProcess API Call With PROCESS_ALL_ACCESS Rights https://app.snapattack.com/detection/... - Detection: Possible Windows Streaming Service Driver Exploitation https://app.snapattack.com/detection/... - Detection: Windows Drivers Loaded by Signature