Monthly summary of interesting articles, reports and tools for tech experts, covering both offensive and defensive topics.
🔴 Red Team
📝 Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In January 2025, researchers uncovered malware posing as a Proof-of-Concept (PoC) exploit for the LDAPNightmare vulnerability (CVE-2024-49113). Disguised as a genuine tool, the malware is an information stealer designed to exfiltrate sensitive data from infected systems.
Attackers took advantage of the interest in the LDAPNightmare vulnerability to trick users into downloading and running the fake exploit. Once run, the malware collects information like login details, system data, and other private information, then sends it to the attackers’ servers.
This finding highlights the importance of verifying the authenticity of security tools before running them and treating PoC exploits from unverified sources with caution. Researchers strongly advise security professionals to obtain tools only from trusted sources and to deploy measures that detect and block malware masquerading as security tooling.
📝 Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
In November 2024, security researchers Sam Curry and Shubham Shah found a serious security issue in Subaru’s STARLINK service, which allowed unauthorized access to cars and customer accounts in the US, Canada, and Japan.
They discovered a subdomain hosting an admin interface and abused its password reset feature; the 2FA prompt was enforced only by a client-side overlay, so removing that overlay from the page bypassed it.
With this flaw, an attacker with just the victim’s name, postal code, email, phone number, or license plate could:
- Start, stop, lock, unlock, and locate any vehicle remotely.
- Get the complete travel history of the vehicle for the past year, accurate to 5 meters.
- Access personal information of customers, including emergency contacts, authorized users, physical address, billing info, and the vehicle’s PIN.
The researchers reported the issue to Subaru, which fixed it in under 24 hours. The case nevertheless raises concerns about the amount of personal data collected by modern cars and how readily accessible it is to car manufacturer employees.
📌 Source: https://samcurry.net/hacking-subaru
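The defensive lesson from the reset-flow bypass above is that a 2FA step enforced only in the browser is not a control at all: the server must refuse to finish the reset until it has itself recorded a successful OTP check for that session. The following is an added illustration in plain Python, not code from Subaru's STARLINK service or from the researchers' write-up; the endpoint names, the constructed user record and the fixed OTP code are assumptions for the example (a real service stores a password hash and derives codes with TOTP).

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed user store (assumption for the example): email -> current password
# and the one-time code the enrolled authenticator would currently produce.
def make_users():
    return {"owner@example.invalid": {"pw": "old-password", "otp": "123456"}}

MAX_OTP_ATTEMPTS = 5


@dataclass
class ResetSession:
    email: str
    otp_verified: bool = False
    failed_attempts: int = 0


class ClientGatedResetService:
    """Weak design: request_reset() hands out a token that complete() honours
    straight away. The browser shows a 2FA overlay and calls verify_otp(), but
    nothing on the server ties that check to complete(), so a client that skips
    the overlay and calls complete() directly succeeds."""

    def __init__(self, users):
        self.users = users
        self.sessions = {}

    def request_reset(self, email):
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = ResetSession(email)
        return token

    def verify_otp(self, token, code):
        sess = self.sessions.get(token)
        if sess is None or sess.failed_attempts >= MAX_OTP_ATTEMPTS:
            return False                      # unknown session or locked out
        if hmac.compare_digest(code, self.users[sess.email]["otp"]):
            sess.otp_verified = True
            return True
        sess.failed_attempts += 1
        return False

    def complete(self, token, new_password):
        sess = self.sessions.pop(token, None)
        if sess is None:
            return False
        self.users[sess.email]["pw"] = new_password   # no OTP check here
        return True


class ServerGatedResetService(ClientGatedResetService):
    """Hardened: the new password is only set once *this* reset session has
    passed verify_otp() on the server. Whatever the browser shows or hides,
    complete() without a verified OTP is refused."""

    def complete(self, token, new_password):
        sess = self.sessions.get(token)
        if sess is None or not sess.otp_verified:
            return False
        del self.sessions[token]                      # single use
        self.users[sess.email]["pw"] = new_password
        return True


if __name__ == "__main__":
    svc = ServerGatedResetService(make_users())
    token = svc.request_reset("owner@example.invalid")
    print("complete before OTP:", svc.complete(token, "x"))      # False
    print("otp accepted:", svc.verify_otp(token, "123456"))      # True
    print("complete after OTP:", svc.complete(token, "new-pw"))  # True
```

The only difference between the two classes is where the OTP state is checked. Binding the verification to the server-side session object (and consuming the session on success) is what makes the overlay irrelevant; the attempt counter is a second, independent check that keeps the OTP step from being brute-forced once it is actually enforced.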
📝 CVE surge: Why the record rise in new vulnerabilities?
In 2024, a record 40,009 new vulnerabilities were found, which is a 38% increase from 2023.
This rise is mainly due to more code being written, software becoming more complex, and the widespread use of technologies like cloud computing and the Internet of Things. The use of third-party components has also increased the risk of vulnerabilities, as seen in major incidents like Log4Shell and the SolarWinds breach. Notably, five CVE Numbering Authorities (CNAs), including Kernel.org and GitHub, were responsible for nearly 44% of the CVEs published in 2024, showing the importance of reporting vulnerabilities in open-source projects.
BlackNoise’s viewpoint: These trends highlight the need for different strategies to improve overall security. Under these conditions it is not feasible to fix every vulnerability, and the backlog only grows over time. It is therefore important to assume that some vulnerabilities will be exploited and to focus on improving the detection of, and response to, these attacks.
📌 Source: https://www.yeswehack.com/news/cve-surge-record-jump-vulnerabilities
🔵 Blue Team
🛠️ Happy YARA Christmas!
At the end of 2024, the Threat Detection and Research (TDR) team at Sekoia.io published hundreds of YARA rules in a GitHub repository to help security analysts with tasks such as identifying threats, tracking changes in malware families, and triaging suspicious files from unknown sources.
These rules are also used by other services like VirusTotal, Triage, and the YARAify project from Abuse.ch, improving threat detection and response for files uploaded to these platforms.
Congratulations on this outstanding work, and thank you to the TDR team at Sekoia.io for their valuable contributions to the community! 👏
📌 Source: https://blog.sekoia.io/happy-yara-christmas/
🛠️ AttackRuleMap
This tool maps Atomic Red Team attack simulations to open-source detection rules such as Sigma and Splunk ESCU.
By linking each simulation to the rules that should detect it, the project helps security teams run an attack simulation and immediately check whether their detection content covers it.
📌 Source: https://github.com/krdmnbrk/AttackRuleMap
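The mapping idea above can be reproduced on a small scale from the metadata both projects already carry: Sigma rules tag techniques as `attack.t1059.001`, and Atomic Red Team test files declare `attack_technique: T1059.001`. The following is an added example written for this digest, not code from the AttackRuleMap project; the sample atomics and rules are constructed to look like the parsed YAML of both projects, and the decision to report parent-technique matches separately from exact matches is this example's own choice, not necessarily how AttackRuleMap scores coverage.

```python
import re

# Technique tags in Sigma rules look like "attack.t1059.001"; Atomic Red Team
# files carry "attack_technique: T1059.001". Both are normalised to "T1059.001".
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

# Constructed sample data, shaped like the YAML of both projects after parsing
# (assumption: real files carry many more fields; only these matter here).
ATOMICS = [
    {"attack_technique": "T1059.001", "atomic_tests": [
        {"name": "Download and run a script with PowerShell"},
        {"name": "Run an encoded PowerShell command"}]},
    {"attack_technique": "T1003.001", "atomic_tests": [
        {"name": "Dump LSASS memory"}]},
    {"attack_technique": "T1053.005", "atomic_tests": [
        {"name": "Create a scheduled task"}]},
]
SIGMA_RULES = [
    {"title": "PowerShell download cradle",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "PowerShell encoded command",
     "tags": ["attack.execution", "attack.t1059"]},
    {"title": "LSASS access by non-system process",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
]


def sigma_techniques(rule):
    """ATT&CK technique IDs referenced by one Sigma rule's tags."""
    found = set()
    for tag in rule.get("tags", []):
        m = TECHNIQUE_TAG.match(tag)
        if m:
            found.add(m.group(1).upper())
    return found


def build_rule_index(rules):
    """technique ID -> titles of rules tagged with it."""
    index = {}
    for rule in rules:
        for tech in sigma_techniques(rule):
            index.setdefault(tech, []).append(rule["title"])
    return index


def map_tests_to_rules(atomics, rules):
    """One row per atomic test: rules tagged with the exact technique, plus
    rules tagged only with the parent technique (e.g. T1059 for T1059.001).
    Parent matches are listed separately because a parent-level rule is not
    guaranteed to fire for every sub-technique."""
    index = build_rule_index(rules)
    rows = []
    for atomic in atomics:
        tech = atomic["attack_technique"].upper()
        parent = tech.split(".")[0]
        exact = sorted(index.get(tech, []))
        parent_only = sorted(index.get(parent, [])) if parent != tech else []
        for test in atomic["atomic_tests"]:
            rows.append({"technique": tech, "test": test["name"],
                         "exact": exact, "parent_only": parent_only})
    return rows


def uncovered_techniques(rows):
    """Techniques that have atomic tests but no candidate rule at all."""
    return sorted({r["technique"] for r in rows
                   if not r["exact"] and not r["parent_only"]})


if __name__ == "__main__":
    rows = map_tests_to_rules(ATOMICS, SIGMA_RULES)
    for row in rows:
        print(row)
    print("techniques with no rule:", uncovered_techniques(rows))
```

Run against a real clone of both repositories (parsing the YAML with a library), the `uncovered_techniques` list is the actionable output: each entry is a simulation you can already run for which no rule would be expected to fire, which is exactly the gap a detection-engineering backlog should start from.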
📘 SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response
The SANS 2024 Detection & Response Survey is a significant study for Blue Team experts, as it provides a comprehensive overview drawn from numerous organizations of various sizes and sectors.
It explores how these organizations handle essential elements of detection and response, as well as the integration of these crucial functions within their operations. The survey covers various topics, including the performance of tools such as Extended Detection and Response (XDR) and Network Detection and Response (NDR), the synergy between human expertise and technology, the application of artificial intelligence and machine learning (AI/ML), and the detection of threats in cloud environments.
📌 Source: https://www.sans.org/white-papers/sans-2024-detection-response-survey/