Security researchers developed a new technique to track hackers through their “fingerprints.” They were able to link Windows local privilege escalation (LPE) exploits to two different authors.

They believe that the Windows exploit sellers previously sold their creations to Russian advanced persistent threat (APT) groups and other clients. According to cybersecurity firm Check Point’s blog post, the new strategy was developed off the back of a customer incident response, during which a small 64-bit executable was found in the cyber attack.


The team analyzed the file and found unique bug strings that pointed to an attempt to exploit a vulnerability on one of the target machines. A leftover PDB path (…cve-2019-0859x64ReleaseCmdTest.pdb0) was discovered in the file, which indicated the use of a real-world exploit tool.

The security researchers decided to use the new technique to “fingerprint” recognizable, unique identifiers that can be considered the work of specific exploit developers. Check Point secured another 32-bit file, which revealed the compiled works of the same individual.

Check Point researchers also studied unique artifacts in internal file names, binary code, PDB paths, and hardcoded values, such as crypto constants. They also analyzed the garbage values, string usage, data tables, syscall wrappers, and code snippets.

The team also analyzed the hacker’s preferred elevation and leaking techniques, including whether or not heap spraying was used. They also investigated the general flow of the exploits. The two small binaries then turned into a stream of new samples, all found using the newly established Check Point hunting rules. The security experts observed the new samples and analyzed the techniques used, allowing them to identify two exploit sellers.
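The artifact-based linking described above can be shown in a short Python example (added here for illustration; it is not Check Point's tooling or hunting rules). It extracts PDB paths from CodeView RSDS debug records, checks for analyst-supplied hardcoded constants, and groups samples that share an artifact. All sample names, paths and the constant are constructed, and dropping generic build-directory names is an assumption of this example.

```python
import re
import struct
import uuid
from collections import defaultdict

# CodeView RSDS debug record: b"RSDS" + 16-byte GUID + 4-byte age + NUL-terminated PDB path.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{1,260}?\.pdb)\x00", re.DOTALL)
GENERIC = {"x64", "x86", "win32", "release", "debug"}  # build-layout names, too common to link on

def pdb_records(blob):
    """Return (guid, age, path) for every RSDS record found in a binary blob."""
    return [(str(uuid.UUID(bytes_le=m.group(1))), struct.unpack("<I", m.group(2))[0],
             m.group(3).decode("ascii")) for m in RSDS.finditer(blob)]

def artifacts(blob, constants=()):
    """Distinctive PDB path components plus analyst-supplied 32-bit constants present in blob."""
    found = set()
    for _, _, path in pdb_records(blob):
        parts = [p.lower() for p in re.split(r"[\\/]", path) if p and not p.endswith(":")]
        found.update("pdb:" + p for p in parts if p not in GENERIC)
    found.update("const:%#010x" % c for c in constants if struct.pack("<I", c) in blob)
    return found

def cluster(samples, constants=()):
    """Group sample names that share at least one artifact, directly or transitively."""
    parent = {name: name for name in samples}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}  # artifact -> first sample that carried it
    for name, blob in samples.items():
        for art in artifacts(blob, constants):
            parent[find(name)] = find(first_seen.setdefault(art, name))
    groups = defaultdict(set)
    for name in samples:
        groups[find(name)].add(name)
    return sorted(sorted(g) for g in groups.values())

# Constructed samples and constant; none of these values come from the article.
def _sample(path, extra=b""):  # header padding + RSDS record + optional extra bytes
    return b"MZ" + bytes(32) + b"RSDS" + bytes(range(16)) + struct.pack("<I", 1) + path + b"\x00" + extra

CONSTANTS = (0xDEADC0DE,)
SAMPLES = {
    "a.exe": _sample(rb"D:\work\projalpha\x64\Release\tool1.pdb"),
    "b.exe": _sample(rb"D:\work\projalpha\Release\tool2.pdb", struct.pack("<I", 0xDEADC0DE)),
    "c.exe": _sample(rb"C:\build\other\x64\Release\misc.pdb"),
    "d.exe": b"MZ" + struct.pack("<I", 0xDEADC0DE),
}
```

Calling `cluster(SAMPLES, CONSTANTS)` places `d.exe`, which has no PDB path at all, in the same group as `a.exe` and `b.exe` through the shared constant, which is why combining several artifact types links more samples than PDB paths alone.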


Source: https://www.techtimes.com/articles/253031/20201002/security-experts-develop-new-fingerprinting-technique-to-link-russian-hacking-groups-to-windows-exploit-sellers.htm
