Ioc

Investigating an in-the-wild campaign using RCE in CraftCMS

18 April 2025 ~26 min By Nicolas Bourras
Analysis Craft Cms Incident Response Ioc Malware Php Post-Exploitation Threat Hunting Yii Iocs Post Exploitation
In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The site had been built using CraftCMS running version 4.12.8. The forensic investigation and post-analysis with the Ethical Hacking team led to the discovery of two CVEs: CVE-2024-58136 and CVE-2025-32432. This blog post aims to present: The investigation that led to the finding of those two CVEs, and details of the different…

Waiting for goDoH

24 October 2018 ~9 min By Leon Jacobs
Bypass Command Execution Dns Experiment Ioc Malware Research Tools Tunnelling
“Exfiltration Over Alternate Protocol” techniques such as using the Domain Name System as a covert communication channel for data exfiltration is not a new concept. We’ve used the technique for many years at SensePost, including Haroon & Marco’s 2007 BH/DC talk on Squeeza. In the present age this is a well understood topic, at least amongst Infosec folks, with a large number of resources, available, online that aim to enlighten those…