Tech | Notion

🛡️ Cybersecurity Research

CVE	Severity	Affected Systems	Notes	Patch Status
CVE-2024-3917	Critical	Oracle Database	SQL injection in auth flow	Patched in our test env, not prod
CVE-2024-5523	High	VMware ESXi	Privilege escalation	Not yet patched on our servers
CVE-2025-1337	Critical	Windows Server	Remote code execution	Applied emergency patch
CVE-2025-0653	Medium	Apache Tomcat	Information disclosure	Still investigating impact

For educational purposes only - understanding the threat landscape

Initial infection vectors:
- Purchasing access from initial access brokers
- Self-propagation through network shares
- Spear-phishing with malicious macros
- Exploiting public-facing RDP services
Post-exploitation activities:
- Aggressive data exfiltration before encryption
- Windows Group Policy deployment for mass infection
- StealBit data theft tool deployment
- Volume Shadow Copy deletion to prevent recovery
IOCs to watch for:
- Unusual scheduled tasks with encoded arguments
- WMI and PowerShell for remote execution
- Large ZIP/RAR archives of sensitive data
- Connections to known LockBit infrastructure

📝 Note: Downloaded LockBit sample to VM for analysis. Stored in encrypted container (password: L0ckB!t2025!)