
Delving into Dalvik: A Look Into DEX Files

During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To fully analyze and understand the application’s functionality, one possibility is to manually decode the…

Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)

On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:

- CVE-2024-1708 – Authentication Bypass Vulnerability (10.0)
- CVE-2024-1709 – Path Traversal Vulnerability (8.4)

These vulnerabilities allow an unauthenticated actor to bypass authentication, and…

Riding Dragons: capa Harnesses Ghidra

capa is the FLARE team’s open source tool that detects capabilities in executable files. Ghidra is an open source software reverse engineering framework created and maintained by the National Security Agency Research Directorate. With the release of capa v7, we have integrated…

Insider Threat: Hunting and Detecting

The insider threat is a multifaceted challenge that represents a significant cybersecurity risk to organizations today. Some are malicious insiders such as employees looking to steal data or sabotage the organization. Some are unintentional insiders such as employees who make…

Flare-On 10 Challenge Solutions

Our goal this year was to make the most difficult Flare-On challenge we’ve ever produced to celebrate a full decade of contests. At the time of this writing, there were 219 Flare-On finishers out of 4,767 registered users, which makes…