We discovered a 17-year-old vulnerability in all of Windows DNS Servers.
SIGRed (CVE-2020-1350) is a wormable, critical vulnerability that can be used to achieve full Domain Administrator privileges.
Check Point Research
592 posts
Check Point Research
@_CPResearch_
Fighting cyber threats one research at a time. News from Check Point’s (@checkpointSW) Research team.
- We launched our new Malware Evasion Encyclopedia, which contains over 50 techniques used by various malwares to detect virtualized and sandboxed environments. We hope this effort would allow for better understanding and analysis of modern attacks.
- Confirmed! TEARDROP the memory-only dropper from the #SUNBURST attack was uploaded to VirusTotal and available for analysis. virustotal.com/gui/file/6e405…
- Based on @ContiLeaks, we made an interactive graph of Conti members' relations and share some insights: 🥳Impressive level of self-organization 🥳Bonuses, prizes and bring-your-friend programs 🥳New friends and career growth! 👀Looming threat of prison research.checkpoint.com/2022/leaks-of-…
- A fresh BlueKeep exploit + loader, written by the exploit developer known as "PlayBit" and named by him "BlackKeep". The sample is available on Virus Total (6/68): virustotal.com/gui/file/06129…
- Based on the insights from of our research, we are happy to present our new Anti-Debug Encyclopedia. All the techniques which are described in this encyclopedia are implemented in our ShowStopper open-source project as well!
- #BREAKING We found files related to the attack against the Steel Industry in Iran. Initial analysis shows that the malware is connected to the attacks against Iran Railways last year, an attack that was thoroughly described in our previous research. Here's what we know so far >>
- In this blog we introduce Thread-Name Calling - A new process injection technique using Thread Name. We also discuss various scenarios in which this not widely-known API can be used for offense.
- This is the story of how we discovered over 50 critical vulnerabilities in Adobe Reader research.checkpoint.com/50-adobe-cves-… #adobe
- A malicious picture can trigger an Instagram vulnerability potentially resulting in RCE on mobile devices. Read our full technical paper here:
- For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. In this article, we explore and compare 3 ways of invoking functions: IDA Appcall, Dumpulator, and Unicorn Engine.
- Reverse RDP Attack - How we broke the 3 most popular RDP clients. research.checkpoint.com/reverse-rdp-at…
- A deep dive into reverse-engineering Rust core features
- Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink. In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too.
