Events
JXoaT,
Oct 12
2023
Are you afraid of the dark?
On the dark nights of October, our elders and parents warn us about sinister threats stalking the net. They help illuminate these long nights by giving us the tools to defend ourselves from the unknown. Multi-factor authentication (MFA), strong passwords, and phishing training are all shared over the Hack The Box (HTB) bonfire in hopes to keep us safe from harm.
One by one, each member of the circle shares their brush with a creature of the night. They speak of the horrors lurking in unexpected places and how they managed to survive the night.
“In the Bleakwater Lake, there be talk of a creature that swims below the murky waters. It is a creature of guile and wit. An aquatic beast that impersonates the calls of a person in danger or in need of assistance.
Many have deemed it a phisherman’s tale. However, ye’ who ain’t weary of the dangers of phishing, could fall victim to what lurks under dark tides.”“How do you know when to tell you’re being lured into its trap?” A young child asked.
The old man replied, “Training and experience are the truest forms of protection. We must stay vigilant and keep people apprised of what is false and what is not.
Luckily, a wandering gunslinger helped the last poor soul to be duped by the creature. They fired a salvo into a creature and watched it sink into the depths.
But, till this day, we still hear cries from the lake.”
An email still remains one of the most common vectors in a breach. For example, this monster CVE-2023-36884 (Murkwater Siren) the attacker creates a deceptive document that, when opened, downloads a malicious file. The file hosts a script that, when triggered, inserts an iframe. This, in-turn, leads to the download of a harmful payload.
The only way this would happen is by trusting a phishing email from the creature.
To shut down the creature in the depths, you must learn the telltale signs of an imposter email, just as you would learn to detect the aquatic beast's discernible monotone cadence of speech and serpent-like drawl that eerily mimics the voice of a loved one.
Only interact with emails from trusted sources, be suspicious of emails asking you to take action, and always notify your security team of anything unusual.
She walked stiffly before sitting at the foot of the bonfire. As her shadow danced behind her, she began to spin a yarn of a creature most foul.
“My friend heard a horrid rumor recently. It started a couple of towns over. A creature skulks through the Dusk Burrough Forest. It harbors sharp fangs, wretched claws, and brute force. The creature hunts relentlessly in search of its next victim. Unwavering, unflinching, and keen to find victims in the dead of night.
Luckily, a brave huntsman broke through thickets and brambles to vanquish the beast.
From what I heard, they were successful. The huntsman emerged from the forest with the beast’s pelt and accepted a bounty. The villagers rejoiced at his triumph.”
Lifting her gaze from the heart of the fire, she looked grimly into the eyes of her fellow villagers.
“That was until the huntsman regaled the townspeople of the true horror of the beast.
Before dispatching the fiend, the bewildered hunter explained that their target approached them as a human wanderer. It spoke of its days of living among the common folk—luring him into a sense of ease before shifting forms. It became one of us… and walked among the community without being discovered.
For all we know, there could be more of them among us now. So, we must be sure about how we let people into our villages in the future.”
You hear it constantly, “Use strong passwords and multi-factor authentication (MFA).” Realistically, you take this information without context and don’t see the threats that exist in parallel. For example, our monster CVE-2023-20269 (Moonlit Menace).
A Cisco vulnerability that could allow an unauthenticated attacker to brute force usernames and passwords. It was utilized by the Akira ransomware group to target small to medium-sized businesses using Cisco products.
Who was their main target?
Based on their victims and negotiation tactics, the ransomware threat actors appear to be opportunistic attackers that target organizations that did not enable MFA on VPN appliances.
Keep a keen eye and be sure everyone is correctly authenticated before passing into your organization. This beast eagerly tracks those with lax authentication methods, chewing up weak passwords with a decisive *crunch.*
This snarling evil will always waltz into comfortable towns that inherently trust our own. Your team must be vigilant. Don’t be a fool to a wolf in sheep’s clothing and ensure that you validate twice. Strong passwords and MFA will keep you safe at night.
Silence would often fall upon the fire. In a world filled with horrific stories, there tends to be comfort in quiet moments.
“I live in an ancient home. It is a rickety mansion that has been passed down through generations and was rarely updated. My family warned me of a sinister shadow that began to dart through walls and plagued the nights with blood-curdling howls.
It possesses items around the home and flings them violently at anyone who dares enter. Nightmares have plagued me, and I often awoke near the dangerously high ledges of damaged floorboards.”
As he spoke, he paced back and forth.
"I tired of the aggression of this dreadful thing. I could not bear to let my familial home fall into squalor any longer. And, by some grace, someone arrived in town curious about my cursed home—a detective.
They would slyly evade the creature's attempts to foil and derail their investigation. The detective's witt would inevitably lead them to what anchored the ghast to our world.
I was surprised to find the nightly denizen could only exist in parts of our home that had fallen to ruin, and by fixing parts of the home, its power diminished.
We gradually restored the outdated fixtures the creature used to thrive. I now live free of the fear that haunted me and never let the home fall into disrepair again."
We should talk about one of the more recent monsters to appear, CVE-2023-4911 (Murkwater Siren). It is a buffer overflow targeting GLIBC_TUNABLES in GNU C's dynamic library.
GLIBC_TUNABLES is an environment parameter administrators can use to optimize application performance. Considering it is a core component, it is a widespread vulnerability throughout major Linux distributions.
This creature's screams and wails came from the dilapidated nest of a worn-down home. The true culprit of the monster's existence was neglect. Just as the home fell into shambles without the proper upkeep and maintenance, our internal infrastructure can be haunted by parts we forget to update or patch.
Be sure to stay current with application versions, OS updates, and patches to be sure you don't become a victim of the ghost in the wires.
“There has yet been a creature to best me. They all tire as I chase them into the light.”
With unrivaled knowledge of terrain, The Huntsman prowls through dark forests and verdant groves. Guided by an unmatched ferocity, they seek monsters fierce and unseen. He seeks not just the thrill, but a purpose in hunting larger bounties with each new excursion.
Are you The Huntsman? Sharpen your ax and join the hunt.
“Each dusk brings a new mystery, we alone must confront the world of the unknown.”
In fog-shrouded alleys of ruinous cities, The Detective uses unmatched wit to unravel the crimes of the city's hidden monsters. With a keen eye and deductive prowess, he stands as the only line of defense between humanity and what lurks in the shadows. With his skills, no foe can hide.
Are you The Detective? Then grab your coat, there’s work to be done.
“Here’s the difference between us … I don’t miss.”
Amidst dusty trails of the badlands, a sharpshooter with true grit roams. The Gunslinger uses an arsenal and precision to bring justice to creatures of the night. As the shadows grow long, so do tales of their heroics in a lawless land. Test their mettle and you’ll be hitching your wagon to a falling star.
Are you The Gunslinger? Grab your six-shooter and saddle up.
We hope you enjoyed our tales during this hallowed Cybersecurity Awareness Month! It wouldn’t be right to leave without a treat. So, be sure to use the coupon below and get started in your fight against dark forces.
Don't be afraid of hackers, become one! Use the HTBoo special coupon code “hacktheboo23” at checkout and claim a 20% discount on VIP+ or Pro Labs Annual Subscriptions. Claim it until October 31st, 23.59 UTC.
Blue Teaming
Odysseus (c4n0pus), Dec 20, 2024