WithSecure™ Labs: With great research comes great responsibility

Amazon Web Services (AWS) allow permissions policies to be attached to particular sets of resources allowing for granular control. We look into how they can be used effectively, and what happens if they are misconfigured. In particular, the implications of allowing an AWS service to act as a Principal are discussed and how this could expose an environment to abuse.

The focus of this research is on prompt engineering and how changes in inputs affected the resulting synthetic text output of large language models.

Configuration Manager often contain information that could be used by an attacker to find new attack paths or credentials that allow lateral movement. 

In short, the operation consists of an information stealer malware that is delivered to targeted victims that primarily operate in the digital marketing and advertisement space.

Machine Learning in a Changing World

The only constant in the world nowadays is change. This is no different in machine learning, and the data that machine learning models are trained on. Therefore, developing a machine learning model does not stop once we have trained and deployed the model: we should also monitor the deployed model and data, to make sure that the model keeps performing as expected.

This blog provides a full technical walkthrough for implementing a PoC memory scanner for enumerating timer-queue timers as used in Ekko Sleep Obfuscation (https://github.com/Cracked5pider/Ekko).