ITSEC Newsletter 2025-06-26

Author

Henrik Falk
June 26, 2025

Automating MS-RPC vulnerability research

Microsoft Remote Procedure Call (MS-RPC) is a protocol used within Windows operating systems to enable inter-process communication, both locally and across networks. It allows clients to invoke procedures on remote systems as if they were local functions. However, this same functionality introduces an attack surface, especially when exposed over the network. This is because RPC services regularly are run by a high privilege identity to perform the requested actions. In recent years, several high and critical severity vulnerabilities have been discovered in MS-RPC, underlining its importance as a focus area for security research.

www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research

Threat Hunting Introduction: Cobalt Strike

Cobalt Strike is a threat simulation tool that is used by red teams to perform penetration tests (simulate cyber-security attacks). However, it is also used by malicious actors to perform real-world attacks. In this article, I will demonstrate how anyone can find Cobalt Strike servers on the internet and retrieve metadata from them. After reading this article, you will be able to peek inside the Cobalt Strike servers and see how big companies or malicious actors are using it. Doing this can be pretty fun, it's like being able to hack into hackers or security experts. I will also introduce you to my tool written in Rust, called SigStrike, which I wrote to increase crawling speed by 20x.

rushter.com/blog/threat-hunting-cobalt-strike

The Jitter-Trap: How Randomness Betrays the Evasive

Beacons are being used by various threat actors, including state actors and criminal groups, and many of these cases stay undetected. Our analysis demonstrates how patterns of randomness, often employed for evasion, can be leveraged to uncover the presence of such traffic. By focusing on these identifiable patterns, security professionals can enhance their detection capabilities and bolster their defenses against advanced threats. Continue reading to explore how defenders can use the Jitter-Trap technique to identify even the stealthiest beacons by analyzing behavioral signatures and network anomalies.

www.varonis.com/blog/jitter-trap