Threat Research

Threat Research

Tutorial of ARM Stack Overflow Exploit against SETUID Root Program

FortiGuard labs presents another technique on how to exploit a classic buffer overflow vulnerability against a SETUID root program when ASLR is enabled. Learn more on how to use data from a local file, instead of stdin, to cause a stack overflow.

By Kai Lu July 31, 2020

Threat Research

Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts

Learn about the 4th installment in this blog series, focusing on different tactics and techniques malicious actors use to complete their cyber missions—and how organizations can detect and ultimately prevent them.

By Anthony Giandomenico July 31, 2020

Threat Research

Tutorial of ARM Stack Overflow Exploit – Defeating ASLR with ret2plt

Understanding ARM platform exploits is crucial for developing protections against the attacks targeting ARM-powered devices. In this blog, FortiGuard Labs will present a tutorial of an ARM stack overflow exploit.

By Kai Lu July 17, 2020

Threat Research

How Threat Researchers Leverage the Darknet to Stay Ahead of Cyber Threats

FortiGuard Labs uses threat hunting techniques on the Darknet to track cyberattack methods to enhance threat intelligence. Learn more from the FortiGuard Labs team on how they are tracking threat actors to stay ahead.

By Aamir Lakhani July 16, 2020

Threat Research

Analysis of .NET Thanos Ransomware Supporting Safeboot with Networking Mode

FortiGuard Labs recently captured a new Thanos ransomware variant advertised on the underground market as a Ransomware-as-a-Service (RaaS) tool. Read our analysis of how it continues to evolve.

By Kai Lu July 16, 2020

Threat Research

Deep Analysis of a QBot Campaign - Part II

In part two of the analysis of a recently discovered QBot campaign, discover how the core module collects data from a victim’s device, how it extracts submodules, how it injects its injection-module into other processes, and other malicious behaviors.

By Xiaopeng Zhang July 08, 2020

Threat Research

Into the Rabbit Hole – Offensive DNS Tunneling Rootkits

Learn how DNS tunneling works, how to configure well-known DNS tunneling attack rootkits to test the security and detection capabilities in your environment, and get industry best practices for mitigating this attack.

By Aamir Lakhani July 01, 2020

Threat Research

EKANS Ransomware Targeting OT ICS Systems

FortiGuard Labs analyzes the latest EKANS ransomware. Learn more about it as well as general TTP trends and related protections.

Threat Research

Taking a Big Picture Look at the Cyber Threat Landscape

Read insights from two of our FortiGuard Labs researchers about the evolution of cyberattacks and how organizations can get out ahead of threats as their digital attack surface expands.

Threat Research

Multiple Critical Vulnerabilities in Adobe Illustrator and After Effects Products

Following best practices of responsible disclosure, FortiGuard Labs discovered and reported vulnerabilities in Adobe Illustrator and After Effects, which Adobe addressed with out-of-band security updates. Learn more.

By Peixue Li June 17, 2020