“If not properly remediated, DSC will automatically re-infect the victim by re-dropping the file and re-executing the malware without notifying the user,” explained Kazanciyan.
“We have yet to see an example of this attack happening in the wild – that doesn’t mean it isn’t happening – but it does give us hope that we can get this out there so that red and blue teams are aware.”
The experts also provided useful suggestions for preventing exploitation of the attack in the wild by cyber criminals. PowerShell 3 and later can log the execution of malicious scripts like the ones used in Hastings’ and Kazanciyan’s attack.
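A defender's read-only check for the behaviour described above, as an added example that is not code from the DSCompromised project or the presentation: it reports whether the DSC Local Configuration Manager is set to re-apply its configuration automatically, which MOF documents it holds, and whether PowerShell module logging is turned on. The function name, the MOF directory and the registry policy path are assumptions (Windows defaults), not taken from the article.

```powershell
# Added example: read-only audit of DSC state and PowerShell logging on one host.
# Run from an elevated PowerShell 4.0+ session (the DSC cmdlets ship with WMF 4.0).

function Get-DscPersistenceAudit {
    # Local Configuration Manager settings: these decide whether DSC silently
    # re-applies a configuration and whether it pulls that configuration remotely.
    $lcm = Get-DscLocalConfigurationManager

    # MOF documents the LCM stores on disk (default Windows location, assumed here).
    $mofDir = Join-Path $env:windir 'System32\Configuration'
    $mofs = Get-ChildItem -Path $mofDir -Filter '*.mof' -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTimeUtc

    # Module logging policy (PowerShell 3.0+); the key is absent when unset.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $moduleLogging = ($null -ne $policy) -and ($policy.EnableModuleLogging -eq 1)

    # Most recent DSC engine events, for timeline review.
    $events = Get-WinEvent -LogName 'Microsoft-Windows-Dsc/Operational' `
                  -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName

    [pscustomobject]@{
        ConfigurationMode    = $lcm.ConfigurationMode
        RefreshMode          = $lcm.RefreshMode
        # ApplyAndAutoCorrect means drift is corrected without user interaction.
        AutoReapplies        = $lcm.ConfigurationMode -eq 'ApplyAndAutoCorrect'
        PullsFromServer      = $lcm.RefreshMode -eq 'Pull'
        MofFiles             = $mofs
        ModuleLoggingEnabled = $moduleLogging
        RecentDscEvents      = $events
    }
}

Get-DscPersistenceAudit | Format-List
```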
The experts are inviting hackers to contribute to their DSCompromised framework, which is available on GitHub.
Take a look at the slides of the presentation or download the audio.