Renato Marinho

Guildma is now abusing colorcpl.exe LOLBIN (May 5, 2023)
While analyzing a Guildma sample recently uploaded to MalwareBazaar [1], we came across a chain of LOLBIN abuse. It is not uncommon to see…

Log4Shell campaigns are using Nashorn to get a reverse shell on victims' machines (Nov 22, 2022)
Almost one year later, Log4Shell attacks are still alive and still claiming victims. Log4Shell, as you may remember, was the name given to a remote…

Translating Saitama's DNS tunneling messages (Jun 13, 2022)
Content initially posted at SANS ISC.

WSO2 RCE exploited in the wild (Apr 26, 2022)
While investigating a malicious crypto-mining case, I discovered that attackers implanted the payload by exploiting a recently patched RCE…

PwnKit: critical and easily exploitable vulnerability allows privilege escalation on systems… (Jan 25, 2022)
A critical vulnerability (CVE-2021-4034) has just been disclosed in a tool called 'pkexec', present in practically all…

Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons (Dec 27, 2021)
Microsoft Build Engine is the platform for building applications on Windows, mainly used in environments where Visual Studio is not…

Example of how attackers are trying to push crypto miners via Log4Shell (Dec 24, 2021)
Article initially posted at SANS ISC.

Log4Shell exploited to implant coin miners (Dec 13, 2021)
Article initially posted at SANS ISC.

Log4Shell: critical vulnerability affects the log4j library (URGENT) (Dec 11, 2021)
Updated 18 Dec 2021, 08:10.