Multiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st)

This post was originally published on this site

It has been a while since I found an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic infostealer using Discord as a C2 channel. Today I found one that contains a lot of anti-sandboxing techniques. Let's review them. For malware, it's key to detect the environment where it is executed. When detonated inside a sandbox (automatically or, manually, by an analyst), it will be able to change its behaviour (most likely, do nothing).

PowerShell 7.4 Release Candidate 1

PowerShell 7.4 RC-1 is now available

We’re proud to announce the availability of PowerShell 7.4.0-rc.1!
This is the first release candidate version of PowerShell 7.4 and is considered a “go-live” release
meaning that it is a supported release in production.
Now is the time to test out PowerShell 7.4 in your environment.
PowerShell 7.4 is built on top of .NET 8 and, as an LTS (Long Term Support) release, will be supported for 3 years.

How do I get it?

Since PowerShell 7 is supported on Windows, Linux, and macOS, there are a variety of ways to get it.
If you had installed the previous PowerShell 7.4 preview release (7.4.0-preview.6) via the Windows Store or MSI (and opted into Microsoft Update),
you will be automatically updated to 7.4.0-rc.1.

Note that after releases there are some delays in all release channels getting the latest bits.
If this version is not available on your release channel of choice expect it to be available
within 2 weeks.

What’s new in this release?

  • PSResourceGet is now GA and has reached a 1.0.0 version in this release; for more info on this module release check out this blog post
  • PSReadLine has been incremented to a new feature version 2.3.4; for more info on this module release check out this blog post
  • This release also contained a number of bug fixes; for the full list of changes please refer to the changelog

For more info on what’s changed in PowerShell 7.4, check out this page of the documentation.

Experimental Features which were made stable for 7.4

The following features were developed and released as experimental during the PowerShell 7.4
previews. Through telemetry and user feedback we determined that they should
be available as non-experimental features in the 7.4 release.

What’s next?

PowerShell 7.4 will be our next LTS release and is expected to ship once an RC is determined to be ready.
We’ll have a separate blog post when the GA release of 7.4 becomes available.
We appreciate all the efforts of the community, both individuals and working group members,
and look forward to your continued feedback and contributions!

Sydney
PowerShell Team

The post PowerShell 7.4 Release Candidate 1 appeared first on PowerShell Team.

Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th)

The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPnP and multicast DNS. This is not a new issue, but it appears to have been forgotten a bit [vuln]. In particular, Apple devices are well known for their verbose multicast DNS messages.

Size Matters for Many Security Controls, (Sat, Oct 28th)

This week, I'm teaching FOR610 in Manchester, and while my students are busy resolving some challenges, I'm looking at my hunting results from the previous days. I found an interesting sample. The file was delivered via an email with a URL pointing to a well-known file-sharing service: hxxps://www[.]Mediafire[.]com/file/o3m15ydxnhlm9w0/New+Purchase+Order+pdf.tgz/file. The file is not available anymore, but I was able to find it on VirusTotal: "New Purchase Order pdf.tgz" (SHA256:7f351b32e6209496ef59c511dffaf9312508b53e476b1e77171af3d433b94087[1]) with a low score of 3/54.

VMware Skyline Advisor Pro Proactive Findings – October 2023 Edition

VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post-escalation review, security vulnerabilities, issues raised from VMware engineering, and issues nominated by customers. For the month of October, we released 39 new Findings. Of these, there are 30 Findings based …

Adventures in Validating IPv4 Addresses, (Thu, Oct 26th)

It should be pretty easy to validate an IP address. IPv4 addresses are 32-bit unsigned integers, and IPv6 addresses are 128-bit unsigned integers. Things get "interesting" when developers attempt to validate IP addresses as strings. There have been a few interesting vulnerabilities around this issue (CVE-2021-28918, CVE-2021-29921, CVE-2021-29418).
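As an added illustration of why string-based validation is harder than it looks (example code written for this summary, not from the original diary): a strict dotted-quad validator that only accepts the canonical four-decimal-field form and converts it to the 32-bit integer, placed next to what a BSD-style inet_aton() parser makes of the same strings. The divergence on leading zeros and shortened forms is the class of problem the cited CVEs fall into; the sample inputs below are constructed.

```python
import socket
import struct


def strict_ipv4_to_int(text: str):
    """Return the 32-bit integer for a canonical dotted-quad, or None.

    Canonical means exactly four ASCII decimal fields, each 0-255, with
    no leading zeros (so "010" is rejected instead of being read as
    octal 8), no whitespace, and no shortened forms such as "127.1".
    """
    parts = text.split(".")
    if len(parts) != 4:
        return None
    value = 0
    for part in parts:
        # isascii() guards against Unicode digits that int() would accept
        if not (part.isascii() and part.isdigit()):
            return None
        if len(part) > 1 and part[0] == "0":
            return None
        octet = int(part)
        if octet > 255:
            return None
        value = (value << 8) | octet
    return value


def lenient_ipv4_to_int(text: str):
    """What the platform inet_aton() makes of the string (None if rejected).

    glibc/BSD inet_aton accepts octal and hex fields and 1-, 2- or 3-part
    forms, so "010.0.0.1" becomes 8.0.0.1 and "127.1" becomes 127.0.0.1.
    """
    try:
        return struct.unpack("!I", socket.inet_aton(text))[0]
    except OSError:
        return None


def compare(text: str):
    """(strict, lenient) results for one input; a mismatch is the danger zone."""
    return strict_ipv4_to_int(text), lenient_ipv4_to_int(text)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the diary
    for sample in ["192.168.1.1", "010.0.0.1", "127.1", "256.0.0.1"]:
        print(sample, "->", compare(sample))
```

A mismatch between the two columns means an allow-list or blocklist written against the string form will not agree with the address the system actually connects to.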

PowerShell Extension for Visual Studio Code Fall 2023 Update

We are excited to announce that the fall update to the PowerShell Extension for Visual Studio Code
is now available on the extension marketplace.

In this update, thanks to efforts across the team, we are shipping the extension with the latest and greatest PSReadLine, v2.3.4! In addition, this release contains a number of bug fixes and community contributions.

Thanks to all the many community contributors whose efforts make releases such as these possible!

Updates in the Fall Release

Note that these updates all shipped in our preview channel
for VS Code before shipping in our stable channel.

Some highlights of the fall release:

  • Stop hiding Activity Bar in ISE Mode.
  • Fix race condition with displaying PowerShell name on icon.
  • Support ~, ./ and named workspace folders in cwd.
  • Enhance additionalPowerShellExes setting.
  • Add startLocation setting for Extension Terminal. (Thanks @krishankanumuri!)
  • Upgrade bundled PSReadLine module to v2.3.4.
  • Add None to PsesLogLevel enum.
  • Fix debugging script blocks that aren’t in files.
  • Fix shell integration for PowerShell 5.1 with strict mode.

For the full list of changes please refer to our changelog.

In this release we also updated our versioning schema. The middle version number no longer corresponds to the month, but is simply incremented. Even versions are stable, and odd versions are pre-release, with the latter purposefully being versioned higher than the former in order to keep both channels (pre-release and stable) available in the Visual Studio Code marketplace.

Getting Support and Giving Feedback

While we hope the new release provides a better user experience, there are bound to be issues.
Please let us know if you run into anything.

If you encounter any issues with the PowerShell Extension in Visual Studio Code or have feature requests, the best place to get support is through our GitHub repository.

Sydney Smith
PowerShell Team

The post PowerShell Extension for Visual Studio Code Fall 2023 Update appeared first on PowerShell Team.

Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability, (Wed, Oct 25th)

Apple released iOS, iPadOS, macOS, tvOS, and Safari updates today. The iOS/macOS updates go back two "generations". This is particularly important for iOS 15, which now receives a patch for CVE-2023-32434, a vulnerability already exploited against earlier versions of iOS. This is also the only issue addressed for these earlier iOS versions.

How an AppleTV may take down your (#IPv6) network, (Mon, Oct 23rd)

I recently ran into an odd issue with IPv6 connectivity in my home network. During a lengthy outage, I decided to redo some of my network configurations. As part of this change, I also reorganized my IPv6 setup, relying more on DHCPv6 and less on router advertisements to configure IPv6 addresses. Overall, this worked well. My Macs had no issues connecting to IPv6. However, the Linux host I use to alert me of network connectivity issues could not "ping" the test host via IPv6.