ITSEC Newsletter 2024-02-15

TL:DR Insignificant whitespaces in the JSON standard can be used to encode data without breaking the format. This could aid malicious actors in covert lateral movement or data exfiltration.

Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates. This threat is becoming more relevant as more and more defenses are relying on digital signatures for allowing or not execution on an endpoint. This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.

The Windows Insider Preview build 26052 just shipped with a sudo command, I thought I'd just take a quick peek to see what it does and how it does it. This is only a short write up of my findings, I think this code is probably still in early stages so I wouldn't want it to be treated too harshly.