Aggregator

The Director-General of the Government Communications Security Bureau (GCSB) Andrew Hampton is aware of the cyber-security advisory issued by the United Kingdom, United States and Canada regarding state sponsored malicious cyber activity targeting organisations involved in COVID-19 vaccine development.

Previously I talked about remotely debugging Chrome, and we also covered the latest Microsoft Edge browser along the way.

These features allow an adversary to gain access to authentication tokens and cookies. See MITRE ATT&CK Technique T1539: Steal Web Session Cookie as well for this.

For a while I was wondering if (my favorite) browser Firefox has such debugging features as well, and how one could detect malware trying to exploit it.

A technique on Windows that is less known is how to do basic port-proxying.

Proxying ports is useful when a process binds on one (maybe only the local) interface and you want to expose that endpoint on another network interface.

Let’s say you have an existing process that listens only on the loopback interface, and you want to expose it remotely. Or there are two network interfaces and you want expose traffic from one to the other (maybe some evil persistence for port 3389) - or think of basic pivoting.