Introducing The Human Connection Challenge: Season 1
Starting today we will begin releasing a series of all-new Challenge Labs. Each month you’ll be given the chance to showcase your cybersecurity skills across a range of topics and climb the Season 1 Leaderboard, with the chance to win kudos and rewards along the way.
Foundational Static Analysis: Analyzing Structures
The question is asking me "In the disassembly at address 00401567, what is the structure EDX is pointing to? Look at Microsoft Docs for help!" At the very end of the briefing they go over the explanation of how to identify which offset is determining which call. I am 90% positive that the offset we are supposed to be identifying in this case is 0x17c. However within this SAME blurb while they are explaining the way the stack line up they simply identify which API the offset in their example is pointing to. THEY NEVER MENTION HOW THEY GOT THERE! I am sure that it requires some research an I have been trying to identify anything within MSDN database but I can't find a single clue how identify what API 0x17c is pointing to. I have even tried looking up references for the offset they had 0x138 which they identified as STARTUPINFO. (I googled both terms together.) Now I am most definitely missing something here. I step within the assembly analysis mayb ebut I am at a loss. If anyone could help me out I would appreciate it.Cybersecurity and philosophy
Fellow members of the Cyber family: I think the ancient philosophers, those who recognized their own ignorance, were motive: their curiosity to learn, to question, to go a step further, to not settle ... I would like to think that these qualities defined great thinkers. And may we never lose the ability to recognize and be surprised, in the face of threats; studying them, always. I have always believed that a “let's talk” can be more enriching than a “I denounce you”: learning, if possible, from the adversary and his geniuses. And, of course, let's keep learning: every day: tactics, techniques, procedure and vectors. Nobody said this was going to be easy, did they? :). Good luck!.
Server-Side Request Forgery
I need help with step 5 and 6 of Server-Side Request Forgery lab. I was able to find the location of potential SSRF i.e "lookup?url=http://localhost:3000/online" after that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to working to get the bot name/service accountUnderstanding CVE-2024-3094: A Major Software Security Issue in XZ Utils
What is CVE-2024-3094? Recently, a critical security problem, known as CVE-2024-3094, was found in the XZ Utils library. XZ Utils is a set of open-source command-line tools and libraries for lossless data compression on various Linux systems. If your systems are running Linux or Mac, your OS likely uses it in the background when unpacking archives, and even if you’re using Windows, most of your services will use XZ Utils. This code allowed for SSH backdoor access and remote code execution on affected systems, earning a maximum CVSS score of 10. The harmful code was hidden within the XZ Utils software by a ‘trusted’ developer, starting with version 5.6.0. This developer was actually a bad actor who gained the trust of the sole maintainer of the code over many years of social engineering with multiple fake identities created to convince the maintainer that they were trustworthy. To learn more, check out the emails on research.swtch.com . Which Linux systems are affected? The compromised versions of XZ have been found in certain versions of Debian, Kali Linux, OpenSUSE, Arch Linux, and Fedora: Debian: Unstable/Sid versions from 5.5.1alpha-0.1 to 5.1.1-1 Kali Linux: Systems updated between March 26-29, 2024 OpenSUSE: Rolling releases Tumbleweed and MicroOS between March 7-28, 2024 Arch Linux: Versions 2024.03.01, VM images from late February to late March 2024 Fedora: Rawhide and Fedora 40 Beta Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094 How could this security issue be used by bad actors? Attackers could exploit this vulnerability by taking advantage of the backdoor inserted into the XZ Utils library. With this vulnerability, they can: Exploit the backdoor: Using the backdoor, attackers could bypass SSH authentication, allowing them to gain access to the system without needing valid credentials. Elevate privileges: Once inside, attackers could attempt to gain higher-level access, enabling them to control more parts of the system. Establish persistence: Attackers might install persistent malware to maintain access to the compromised system. Spread laterally: From the initial compromised system, attackers could move laterally within the network, targeting other systems and spreading their control. Steal sensitive data: Attackers could access and exfiltrate sensitive data, such as personal information, financial records, or intellectual property. Disrupt operations: By tampering with critical services or data, attackers could disrupt business operations, leading to downtime and financial losses. Deploy ransomware: Attackers could encrypt critical data and demand a ransom for its decryption, causing further damage and financial loss. How to protect your systems To protect your systems from this vulnerability, you should verify if your systems are using the compromised versions of XZ Utils and keep up with the latest advice from vendors. If your systems contain the mentioned versions, make sure you update to at least version 5.6.1-2. You’ll also want to ensure proper security hygiene by keeping all other software up to date with the latest security patches. Finally, make sure your IT and security teams understand this vulnerability, are able to fix it, and know how to respond to potential threats. Conclusion CVE-2024-3094 highlights the importance of securing the software supply chain. By understanding this security issue and taking proactive steps, you can better protect your systems from sophisticated attacks. Keep your systems updated, improve your organizational resilience, and consult with your software vendors for the latest security information. Recommended content If you’d like to know more, we have an XZ Utils Lab in the latest CVEs collection. In the lab, you'll take on the role of a CIRT analyst researching backdoor deployment techniques. Share your thoughts If this vulnerability impacted your organization, what steps did you take to fix it, and what changes have you made to prevent future issues? Comment and collaborate with others in the comments!
