ICMP
How to Detect PowerDrop Command & Control Malware
MixMode Sales Engineer Josh Snow explores a real-time threat detection use case involving the MixMode Platform and its ability to identify PowerDrop, a malicious PowerShell script that has been specifically targeting the ...
Pingback: ICMP Tunneling Malware
By Keith Jones, Anthony Kasza and Ben Reardon, Security Researchers, Corelight. Introduction: Recently, Trustwave reported on a new malware family that they discovered during a breach investigation. The backdoor, dubbed Pingback, executes ...
Community detection: CVE-2020-16898
By Ben Reardon, Corelight Security Researcher. This month's Microsoft Patch Tuesday included a severe remote code execution vulnerability in the way that Windows TCP/IP handles IPv6 "Router Advertisement" ICMPv6 messages. Due to ...
Flaw Allows Hacking Macs, iOS Devices with Single Network Packet
Apple has fixed a serious vulnerability in macOS and iOS that could allow hackers to compromise devices over the local network by sending them a single malformed Internet Protocol (IP) packet. The ...
Firewall Evasion Techniques and Countermeasures
Life finds a way. This is one of my favorite quotes from one of my favorite movies and books, Jurassic Park. Internet traffic, like life, will break free and expand to new ...
Firewall Evasion with UDP (PingTunnel)
This is a follow-up post to using PingTunnel to bypass security controls by tunneling traffic over ping (ICMP echo). For this example we will use the same tool but do it over UDP ...
Firewall Evasion with ICMP (PingTunnel)
Most networks today use a network-based access control system to permit certain traffic and deny the rest. Since the inception of firewalls and web filters, users (and malware) working behind them have ...
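The PingTunnel and Pingback posts above describe the same trick from two sides: data that a firewall would block as TCP or UDP is carried inside ICMP echo requests and replies, which most perimeter policies allow. The detection side is not shown on this page, so the following is an added example, not code from any of the listed posts or tools. It parses raw IPv4/ICMP packets, compares each echo payload against what a stock ping client sends (the Windows 32-byte string and the Linux iputils "byte i at offset i" fill are assumptions about client behaviour, not something the posts state), and flags payloads that are oversized, high-entropy, or carry protocol text such as an HTTP request. The sample packets, addresses, and the HTTP payload are constructed; checksums are left zero.

```python
import math
import struct
from collections import Counter, defaultdict

# Stock ping payloads. These patterns are assumptions drawn from common client
# behaviour, not from the posts above:
#  - Windows ping sends the 32-byte string below.
#  - Linux iputils ping writes byte value i at offset i and then overwrites the
#    first 16 bytes with a timestamp (default payload size is 56 bytes).
WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_TIMESTAMP_LEN = 16

# Constructed tunnel payload: PingTunnel-style carriage of a TCP stream inside
# an echo request (the HTTP request text is a made-up sample).
HTTP_PAYLOAD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_linux_ping(payload: bytes) -> bool:
    """True if everything after the timestamp is the iputils fill pattern."""
    if len(payload) <= LINUX_TIMESTAMP_LEN:
        return False
    expected = bytes(i & 0xFF for i in range(LINUX_TIMESTAMP_LEN, len(payload)))
    return payload[LINUX_TIMESTAMP_LEN:] == expected


def classify_echo(payload: bytes) -> list:
    """Reasons an echo payload looks like a tunnel; empty list means stock ping."""
    if payload == WINDOWS_PATTERN or looks_like_linux_ping(payload):
        return []
    reasons = ["payload does not match a stock ping pattern"]
    if len(payload) > 64:
        reasons.append(f"oversized payload ({len(payload)} bytes)")
    ent = shannon_entropy(payload)
    if ent > 6.0:
        reasons.append(f"high-entropy payload ({ent:.1f} bits/byte)")
    for marker in (b"HTTP/", b"SSH-", b"GET ", b"POST "):
        if marker in payload:
            reasons.append(f"embedded protocol text {marker!r}")
            break
    return reasons


def parse_icmp(packet: bytes):
    """Return (src, dst, type, ident, seq, payload) for an IPv4 ICMP packet, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:  # IP protocol number 1 = ICMP
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    icmp = packet[ihl:]
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return src, dst, icmp_type, ident, seq, icmp[8:]


def detect_tunnels(packets) -> list:
    """Flag echo requests/replies whose payload does not look like a stock ping."""
    alerts = []
    for pkt in packets:
        parsed = parse_icmp(pkt)
        if parsed is None:
            continue
        src, dst, icmp_type, ident, seq, payload = parsed
        if icmp_type not in (0, 8):  # echo reply / echo request only
            continue
        reasons = classify_echo(payload)
        if reasons:
            alerts.append({"src": src, "dst": dst, "ident": ident, "seq": seq, "reasons": reasons})
    return alerts


def bytes_by_flow(packets) -> dict:
    """Echo payload bytes per (src, dst); a tunnel moves far more data than ping ever does."""
    totals = defaultdict(int)
    for pkt in packets:
        parsed = parse_icmp(pkt)
        if parsed and parsed[2] in (0, 8):
            totals[(parsed[0], parsed[1])] += len(parsed[5])
    return dict(totals)


def build_echo(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed IPv4 + ICMP echo request with IHL=5; checksums left zero for the sample."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 1, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return ip + struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload


# Constructed sample traffic: two legitimate pings and two PingTunnel-style echoes.
SAMPLE_PACKETS = [
    build_echo("10.0.0.5", "10.0.0.1", 0x1234, 1, bytes(16) + bytes(range(16, 56))),
    build_echo("10.0.0.7", "10.0.0.1", 0x0001, 1, WINDOWS_PATTERN),
    build_echo("10.0.0.5", "203.0.113.9", 0x4242, 7, HTTP_PAYLOAD),
    build_echo("10.0.0.5", "203.0.113.9", 0x4242, 8, bytes((i * 131 + 17) % 256 for i in range(512))),
]

if __name__ == "__main__":
    for alert in detect_tunnels(SAMPLE_PACKETS):
        print(alert)
    print(bytes_by_flow(SAMPLE_PACKETS))
```

The per-payload checks catch a tunnel that carries plaintext or unusually large frames; an encrypted tunnel that pads itself to 56 bytes will only show up in the volume count from bytes_by_flow, which is why both views belong in a detection rule. Expect false positives from monitoring tools that embed their own identifiers in ping payloads, and tune the stock-pattern list to the clients actually deployed on the network.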