Old Backdoor, New Obfuscation (Sat, Mar 18th)


When you’re hunting, sometimes you feel lucky because you spotted something that looks brand new, but sometimes it’s not new or… the code has been changed to bypass existing detections. Here is a perfect example. A few months ago, Juniper discovered[1] a backdoor targeting VMware ESXi servers, more precisely, the OpenSLP service (CVE-2019-5544 and CVE-2020-3992).
