Это видео недоступно.
Сожалеем об этом.

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Поделиться
HTML-код
  • Опубликовано: 7 мар 2024
  • Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links. The second, a privilege escalation vulnerability in the Windows Streaming Service driver (CVE-2023-29360), allows attackers to gain SYSTEM level privileges on a compromised host. We'll dig into these threats and discuss detection and threat hunting strategies to keep you protected.
    References:
    - thehackernews....
    - www.trendmicro...
    - www.bleepingco...
    - big5-sec.githu...
    SnapAttack Resources:
    - app.snapattack... - Collection: Water Hydra Exploits Microsoft Defender SmartScreen Zero-Day | Threat SnapShot
    - app.snapattack... - Threat: CVE-2023-36025 - Smartscreen Bypass
    - app.snapattack... - Threat: CVE-2024-21412 SmartScreen Bypass
    - app.snapattack... - Detection: Possible CVE-2023-36025 Exploitation
    - app.snapattack... - Detection: Suspicious URL File
    - app.snapattack... - Detection: Suspicious WebDav HTTP Request
    - app.snapattack... - Detection: Suspicious File Execution From Internet Hosted WebDav Share
    - app.snapattack... - Detection: Windows WebDAV User Agent
    - app.snapattack... - Detection: Suspicious WebDav Client Execution Via Rundll32.EXE
    - app.snapattack... - Collection: Microsoft Streaming Service Elevation of Privilege (CVE-2023-29360) | Threat SnapShot
    - app.snapattack... - Threat: CVE-2023-29360 Windows Streaming Service Privilege Escalation
    - app.snapattack... - Detection: Elevated System Shell Spawned
    - app.snapattack... - Detection: Possible Winlogon Process Injection
    - app.snapattack... - Detection: Win32 OpenProcess API Call With PROCESS_ALL_ACCESS Rights
    - app.snapattack... - Detection: Possible Windows Streaming Service Driver Exploitation
    - app.snapattack... - Detection: Windows Drivers Loaded by Signature

Комментарии • 2

Следующие
Автовоспроизведение
ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot16:25ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot
ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShotSnapAttack
Просмотров 651
Operationalizing the 2024 M-Trends Report | Threat SnapShot14:13Operationalizing the 2024 M-Trends Report | Threat SnapShot
Operationalizing the 2024 M-Trends Report | Threat SnapShotSnapAttack
Просмотров 164
It's Raining Shells! Recent CVEs in SharePoint, Splunk, and Confluence, Oh My! | Threat SnapShot14:57It's Raining Shells! Recent CVEs in SharePoint, Splunk, and Confluence, Oh My! | Threat SnapShot
It's Raining Shells! Recent CVEs in SharePoint, Splunk, and Confluence, Oh My! | Threat SnapShotSnapAttack
Просмотров 146
Chuckyy - Devil Hours [Official Music Video]02:27Chuckyy - Devil Hours [Official Music Video]
Chuckyy - Devil Hours [Official Music Video]Chuckyy
Просмотров 115 тыс.
I Worked 24 Hours at Roblox JOBS55:13I Worked 24 Hours at Roblox JOBS
I Worked 24 Hours at Roblox JOBSLaughability
Просмотров 1,3 млн
Highlights: Springboks v Australia in Brisbane05:24Highlights: Springboks v Australia in Brisbane
Highlights: Springboks v Australia in BrisbaneOfficial Springbok YouTube
Просмотров 184 тыс.
MultiVersus - Official Beetlejuice “What’s My Name” Gameplay Trailer01:07MultiVersus - Official Beetlejuice “What’s My Name” Gameplay Trailer
MultiVersus - Official Beetlejuice “What’s My Name” Gameplay TrailerMultiVersus
Просмотров 117 тыс.
Best Virus Removal Tools: Cleaning a deeply infected system8:31Best Virus Removal Tools: Cleaning a deeply infected system
Best Virus Removal Tools: Cleaning a deeply infected systemThe PC Security Channel
Просмотров 855 тыс.
The Biggest Data Breach Ever? Over 2.7 Billion Records Leaked Online5:10The Biggest Data Breach Ever? Over 2.7 Billion Records Leaked Online
The Biggest Data Breach Ever? Over 2.7 Billion Records Leaked OnlineSecurity Daily Review
Просмотров 116
NSA Backdoor in Windows? This and more from the guy who created Windows Task Manager!53:11NSA Backdoor in Windows? This and more from the guy who created Windows Task Manager!
NSA Backdoor in Windows? This and more from the guy who created Windows Task Manager!David Bombal
Просмотров 460 тыс.
Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShot15:25Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShot
Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShotSnapAttack
Просмотров 266
Unzipped! The Hidden Dangers Behind .Zip Domains | Threat SnapShot10:47Unzipped! The Hidden Dangers Behind .Zip Domains | Threat SnapShot
Unzipped! The Hidden Dangers Behind .Zip Domains | Threat SnapShotSnapAttack
Просмотров 82
ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShot9:35ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShot
ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShotSnapAttack
Просмотров 813
How do hackers hide themselves? - staying anonymous online11:55How do hackers hide themselves? - staying anonymous online
How do hackers hide themselves? - staying anonymous onlineGrant Collins
Просмотров 1,4 млн
Playing Cat and Mouse with the Attacker: Frequent Item Set Mining in the Registry (CAMLIS 2022)20:06Playing Cat and Mouse with the Attacker: Frequent Item Set Mining in the Registry (CAMLIS 2022)
Playing Cat and Mouse with the Attacker: Frequent Item Set Mining in the Registry (CAMLIS 2022)SnapAttack
Просмотров 50
Turning Novel Threats into Detections Easily with SnapAttack31:54Turning Novel Threats into Detections Easily with SnapAttack
Turning Novel Threats into Detections Easily with SnapAttackSnapAttack
Просмотров 88
Бои в Курской области: ВСУ берут пленных01:32Бои в Курской области: ВСУ берут пленных
Бои в Курской области: ВСУ берут пленныхEuronews по-русски
Просмотров 482 тыс.
Тест різних марок авто - бананом!00:31Тест різних марок авто - бананом!
Тест різних марок авто - бананом!Avtozvuk.ua - AutoBaza
Просмотров 888 тыс.
Sevinch Ismoilova - Xayollarim 18-Avgust 19:00 Premera00:19Sevinch Ismoilova - Xayollarim 18-Avgust 19:00 Premera
Sevinch Ismoilova - Xayollarim 18-Avgust 19:00 PremeraSevinch Ismoilova
Просмотров 129 тыс.
Первые испытания самого быстрого трактора Беларус!33:37Первые испытания самого быстрого трактора Беларус!
Первые испытания самого быстрого трактора Беларус!Combat Crew
Просмотров 821 тыс.
Сырский - о КУРСКОЙ операции. ВСУ заняли 1 тыс. кв км РФ #shorts00:30Сырский – о КУРСКОЙ операции. ВСУ заняли 1 тыс. кв км РФ #shorts
Сырский - о КУРСКОЙ операции. ВСУ заняли 1 тыс. кв км РФ #shortsFREEДOM
Просмотров 299 тыс.
ВРАГ В ШОКЕ! СДЕЛАЛ КД 1 СЕКУНДУ и ВЫНЕС ВСЕХ #blitz #tanksblitz #shorts00:50ВРАГ В ШОКЕ! СДЕЛАЛ КД 1 СЕКУНДУ и ВЫНЕС ВСЕХ #blitz #tanksblitz #shorts
ВРАГ В ШОКЕ! СДЕЛАЛ КД 1 СЕКУНДУ и ВЫНЕС ВСЕХ #blitz #tanksblitz #shortsnYJI9 TV
Просмотров 110 тыс.
Satisfying Phone Case with Drip Technique! 💖✨🎨 #artandcraft00:18Satisfying Phone Case with Drip Technique! 💖✨🎨 #artandcraft
Satisfying Phone Case with Drip Technique! 💖✨🎨 #artandcraftArtistomg
Просмотров 2,4 млн
Ты опять проспал все лето БЕЗ МАТА ☀️00:13Ты опять проспал все лето БЕЗ МАТА ☀️
Ты опять проспал все лето БЕЗ МАТА ☀️Ksenon
Просмотров 33 тыс.