CodeGreen Discovers Check Point SSL VPN Zero Day Vulnerability (CVE-2021-30358)

A DLL hijacking and privilege escalation vulnerability exists in the BIG-IP Edge Client Windows Installer (CVE-2022-28714 acknowledged to CodeGreen), which was discovered by CodeGreen’s security analysts while engaging in a penetration test for one of the largest BFSI customers in the region.

F5 BIG-IP APM versions 11.6.1 - 16.0.1 suffer from a session hijack zero day vulnerability (CVE-2021-23002 acknowledged to CodeGreen), which was discovered by CodeGreen’s security analysts while engaging in a penetration test for one of our BFSI customers. This blog demonstrates this vulnerability along with proof-of-concept (PoC) document we submitted to F5 SIRT.

In this blog, Raeez Abdullah our malware analyst talks about and demonstrate how 'pass-the-hash' attack works. 'pass-the-hash' attacks typically exploit the auth protocols and obtain hashes by scraping a system’s active memory. This technique allows attacker to laterally move in the network and gain access to more passwords and password hashes.

In this post, our malware analyst disects and analyse a live sample of Emotet Malware, one of the most advanced and modular banking Trojan dropper, which can function as a downloader of other banking Trojans or as a ransomeware downloader in some cases. See how this malware exfiltrates data.

Web and Mobile application penetration testing is an interesting area to ponder. In spite of many tools, techniques and approaches around; there are few fundamental things we look in to in our penetration testing engagements, which are outlined here.

Having now implemented, rolled-out and successfully signed off one of the largest PAM deployment in the region comprising of 3500 Servers and Appications, I can now summarise some of the biggest challenges in a large PAM deployment of this size.