WithSecure™ Labs: With great research comes great responsibility

Research, development, updates and tooling you can use.

Latest Publication

Read all publications
Looting Microsoft Configuration Manager
September 30, 2022
Looting Microsoft Configuration Manager

Configuration Manager often contain information that could be used by an attacker to find new attack paths or credentials that allow lateral movement. 

Read more

DUCKTAIL returns: Underneath the ruffled feathers
September 30, 2022
DUCKTAIL returns: Underneath the ruffled feathers

In short, the operation consists of an information stealer malware that is delivered to targeted victims that primarily operate in the digital marketing and advertisement space.

Read more

Machine Learning accuracy forecast
September 30, 2022
Machine Learning accuracy forecast

Machine Learning in a Changing World

The only constant in the world nowadays is change. This is no different in machine learning, and the data that machine learning models are trained on. Therefore, developing a machine learning model does not stop once we have trained and deployed the model: we should also monitor the deployed model and data, to make sure that the model keeps performing as expected.

Read more

Hunting for timer-queue timers
September 30, 2022
Hunting for timer-queue timers

This blog provides a full technical walkthrough for implementing a PoC memory scanner for enumerating timer-queue timers as used in Ekko Sleep Obfuscation (https://github.com/Cracked5pider/Ekko).

Read more

Prototype Pollution Primer for Pentesters and Programmers
September 30, 2022
Prototype Pollution Primer for Pentesters and Programmers

Prototype pollution is a vulnerability that exploits inheritance behavior in JavaScript to create malicious instances of data types, which in the right conditions, can result in the execution of attacker-supplied code. Depending on the context, this can have impacts ranging from DOM-based Cross Site Scripting to even Remote Code Execution.

Read more

DUCKTAIL: An infostealer malware targeting Facebook Business accounts
September 30, 2022
DUCKTAIL: An infostealer malware targeting Facebook Business accounts

WithSecure™ has discovered an ongoing operation (dubbed "DUCKTAIL") that targets individuals and organizations that operate on Facebook’s Business and Ads platform.

Read more

Latest Advisories

Find out all advisories

Featured Tools

Check out all tools