#sparktar — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sparktar, aggregated by home.social.

  1. We're still discovering further ramifications to #Ivanti's #PulseSecure vulnerabilities (#CVE_2023_46805 & #CVE_2024_21887). In February, we identified two new backdoors: #SparkCockpit & #SparkTar. Both backdoors employ selective interception of TLS communication, offer multiple degrees of persistence and access possibilities into the victim network (e.g., traffic tunneling through SOCKS proxy).

    👀 Analysis & detection rules at blog.nviso.eu/2024/03/01/cover

    The findings of our investigation have been independently corroborated by the research performed by Mandiant and have partially been observed by Fortinet.

    #threatintel #forensics #reverseengineering