Triaging the Week 003


Hello there 👋

Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!

It has been a week dominated by cloud security news. A group of researchers disclosed a Google Workspace feature that could be abused to gain unauthorized access, while another group showed just how easy it is for adversaries to infiltrate AWS cloud accounts. This comes just after MITRE updated their ATT&CK framework with new cloud techniques used by attackers.

A new version of Kali Linux dropped, which was exciting for fans of the Havoc C2 framework as it is now officially supported, and we released our new website so you can learn about threat intelligence, threat hunting, and custom tooling completely for free!

Let’s jump into this week’s top news stories.

Top 5 News Stories


Story #1: Google Workspace Vulnerability

Unit 42 researchers have identified a potential security risk in the Google Workspace domain-wide delegation feature, exposing an unexpected method for unauthorized access. 

Key Findings include: (a) A GCP identity with necessary permissions can generate an access token to a delegated user, (b) Malicious insiders or external attackers with stolen credentials could exploit this, impersonating Google Workspace users.

As organizations embrace cloud-based services like Google Workspace and GCP, understanding these security intricacies is paramount. The link between GCP and Google Workspace, along with the GCP permission model, plays a crucial role in overall data security.

Source: Unit42

Story #2: New Proxy Malware Targets Mac Through Pirate Software

Mac users, beware of new threats on the horizon. A concerning trend is emerging as cybercriminals exploit the allure of pirated software to distribute sophisticated proxy trojan malware. This development poses a significant risk to those bypassing official channels for software downloads. Stay vigilant and prioritize legitimate software sources to maintain a secure operating environment. 

It is recommended to download apps from the official App Store, through official websites, or at least run them through a malware sandbox like Intezer Analyze!

Source: Bleeping Computer

Story #3: New Version of Kali Linux Drops

A new version of Kali Linux has just dropped! Version 2023.4 includes a sleek GNOME 45 and an arsenal of 15 fresh tools. Most notably, it now includes the popular open-source command and control (C2) framework Havoc.

Source: Kali Blog

Story #4: BlackCat Ransomware Group Shifts to Targeting Customers Directly

In an alarming shift of tactics, the notorious AlphV/BlackCat ransomware group has announced intentions to “go direct” by targeting the clients of compromised businesses in their extortion schemes. 

The latest alleged victim, accounting software vendor Tipalti, is currently investigating the breach of their systems. This escalates the level of threat for both service providers and their customers.

Source: The Register

Story #5: Red Canary Reveals How Adversaries Infiltrate AWS Cloud Accounts

A recent analysis by Red Canary’s Thomas Gardner and Cody Betsworth has brought to light the potential misuse of Amazon Web Services Security Token Service (AWS STS) by threat actors. 

These findings underscore the importance of robust and vigilant security measures when it comes to managing user identities and access controls in cloud environments. It’s crucial we focus as much attention on securing cloud environments as we do on-premise ones!

Source: Red Canary
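The Red Canary write-up is about threat actors abusing STS to mint temporary credentials, and the newsletter's takeaway is that identity and access control in the cloud need the same attention as on-premise. As an added illustration of what that attention looks like in practice (this is not code from Red Canary or from the newsletter), the snippet below triages CloudTrail records for the STS APIs that issue temporary credentials and flags any call from a principal or source IP outside a defender-maintained allow-list. The CloudTrail event names are real; the allow-list contents and the sample records are constructed for the example.

```python
"""Flag AWS STS temporary-credential issuance in CloudTrail records.

Added example, not from the Red Canary write-up or the newsletter. It assumes
a defender keeps an allow-list of principals and egress IPs expected to call
STS, and treats any other STS credential-issuing call as worth a closer look.
"""
import json

# STS APIs that mint temporary credentials (real CloudTrail eventName values).
STS_CREDENTIAL_EVENTS = {
    "AssumeRole",
    "AssumeRoleWithSAML",
    "AssumeRoleWithWebIdentity",
    "GetFederationToken",
    "GetSessionToken",
}

# Hypothetical allow-list: principals and egress IPs expected to use STS.
EXPECTED_PRINCIPALS = {"arn:aws:iam::123456789012:user/ci-deploy"}
EXPECTED_SOURCE_IPS = {"203.0.113.10"}

# Constructed CloudTrail records (one JSON object per line), trimmed to the
# fields this check actually reads.
SAMPLE_CLOUDTRAIL_LINES = """\
{"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"}, "sourceIPAddress": "203.0.113.10"}
{"eventSource": "sts.amazonaws.com", "eventName": "GetFederationToken", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "sourceIPAddress": "198.51.100.7"}
{"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "sourceIPAddress": "198.51.100.7"}
{"eventSource": "sts.amazonaws.com", "eventName": "GetSessionToken", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"}, "sourceIPAddress": "198.51.100.7"}
"""


def triage_sts_event(record):
    """Return a finding dict if the record is a suspicious STS call, else None.

    A call is suspicious when it issues temporary credentials and the calling
    principal or the source IP is not on the allow-list.
    """
    if record.get("eventSource") != "sts.amazonaws.com":
        return None
    event_name = record.get("eventName")
    if event_name not in STS_CREDENTIAL_EVENTS:
        return None

    principal = record.get("userIdentity", {}).get("arn", "<unknown>")
    source_ip = record.get("sourceIPAddress", "<unknown>")

    reasons = []
    if principal not in EXPECTED_PRINCIPALS:
        reasons.append("unexpected principal")
    if source_ip not in EXPECTED_SOURCE_IPS:
        reasons.append("unexpected source IP")
    if not reasons:
        return None

    return {
        "eventName": event_name,
        "principal": principal,
        "sourceIPAddress": source_ip,
        "reasons": reasons,
    }


def triage_cloudtrail(lines):
    """Parse JSON-lines CloudTrail records and collect the findings in order."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        finding = triage_sts_event(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_cloudtrail(SAMPLE_CLOUDTRAIL_LINES):
        print(f"{f['eventName']} by {f['principal']} from {f['sourceIPAddress']}: "
              + ", ".join(f["reasons"]))
```

In a real deployment the allow-list would come from an inventory of roles, pipelines and office egress ranges rather than two hard-coded constants, and the findings would be correlated with what the temporary credentials were subsequently used for; the point of the example is simply that STS credential issuance is a small, well-defined set of events that is cheap to watch.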

Feature Article

Kraven Security Website Launch

The Kraven Security website is officially LIVE!

Dive into the world of cyber threat intelligence, threat hunting, and custom tooling with a platform dedicated to making you a cyber security superhero – absolutely FREE! No hidden costs, no paywalls, just pure knowledge at your fingertips.

If you’ve been following my work on Medium, fear not! I’m not leaving – I’m expanding our horizons. All the content you love on Medium is refined and ready for your exploration on the new platform.

You can learn more about Kraven Security and my plans for future content in the blog post!


Learning Resources


Building a Cybersecurity Startup

This interview is awesome for anyone looking to create or join a cybersecurity startup. It offers some unique insights and top-quality advice. I highly recommend giving it a listen if you are an entrepreneur. 

Abusing Zoom’s Zero Touch Provisioning for Remote Access

Check out this great talk on the Zero-Touch-Pwn attack. The talk discusses how Zoom’s zero-touch provisioning can be abused to attack desk phones remotely. Attacks like this highlight the need to secure cloud communication platforms like Zoom as they become increasingly popular in our remote work culture.

All Things Cybersecurity with Beau Bullock

Great discussion between Beau Bullock and Daniel Lowrie that provides some good insights into penetration testing the cloud and AI security. Worth a listen for anyone in cyber!

10 Things to Make Learning Linux Easier

This is a great video to watch if you want to discover the best way to learn Linux. Mastering Linux is fundamental for a technical career in cyber security. The video shares some good tips for getting started!

Personal Notes

🤔 It was an exciting week for Kraven as we dropped our new website publicly. It took a lot of work to get here, but it was a proud moment to see everything come together and provide real value for anyone wanting to learn more about threat intelligence, threat hunting, and custom tooling. 

It was also a busy week for creating content and expanding horizons. 

We are busily working away at delivering a threat intelligence series focused on Definitions and Key Concepts so people can quickly get to grips with the terminology used in the CTI world and make use of threat intelligence reports. We are also looking towards the future by deep-diving into cloud technology and using it to deliver threat hunting labs. The idea is students can use these labs to gain practical experience with the threat hunting process.

Well, back to work, I guess. Have a great weekend, make the most of the resources shared, and keep on learning! 


Interested in Learning More?

Learn the dark arts of red teaming

If you want more of a challenge, take on one of their certification exams and land your next job in cyber:

Learn more cyber security skills

If you’re looking to level up your skills even more, have a go at one of their certifications: