Permhash - No Curls Necessary
Mandiant News, Tuesday, May 16, 2023
Volume 302, Issue 3
Adversaries take numerous directions to gain authorization for actions on targeted endpoints: privilege escalation, DLL side-loading, credential theft, and more.
Browser extensions, Android Packages (APKs), and other permission-declaring files take a different approach: they declare the permissions they require, sensitive or not. These file types are external code sources that are authorized to run with varying degrees of permissions. Because they are not standard executables, little automated analysis is performed on them. Security researchers, threat hunters, and cyber analysts need a repeatable and scalable method to cluster, hunt for, and pivot between browser extensions, APKs, and other files that declare a set of permissions.