When you’re hunting, sometimes you feel lucky because you spotted something that looks brand new, but sometimes it’s not new or… the code has been changed to bypass existing detections. Here is a perfect example. A few months ago, Juniper discovered a backdoor targeting VMware ESXi servers, more precisely, the OpenSLP service (CVE-2019-5544 and CVE-2020-3992).
Old Backdoor, New Obfuscation, (Sat, Mar 18th)