Taking few days off and missed all the fun :(
An update on Cisco IOS XE CVE-2023-20198.
It looks like my honeypot got triggered on
28th October.

Modern attacks by Danijel Grah at #BSidesZagreb

Danijel Grah rocking the #bsidesljubljana BSides Ljubljana stage

Danijel Grah on the stage,.. #BSidesljubljana

Danijel Grah Filip Dragovic Doesn't seem that way:

BSidesZagreb started! Talking about “public secrets”! Vanja Svajcer and Danijel Grah already meditating before their talks! #bsideszagreb

Full chain of commands:

gist.github.com/rashimo/a0ef01…

En la fascinante ponencia de Danijel Grah “Modern Attacks against Modern Solutions”, aprenderemos cómo eludir soluciones de seguridad modernas y profundizaremos en la seguridad informática #Kernel #WindowsVBS #ofensivesec Danijel Grah

Nos alegra presentar a Daniel Grah Danijel Grah como nuevo ponente confirmado para EuskalHack Security Congress VI #ESCVI securitycongress.euskalhack.org/ponentes_es.ht…

Very interesting findings from my colleague Danijel Grah on the dreadful IOS XE vulnerability. The summarized command chain can be used in your Threat Detection tools, to spot an exploit attempt in time.

LeakIX Danijel Grah Implant Version 3 ⬇️ Looks like Talos updated their blog too: blog.talosintelligence.com/active-exploit…

Horizon3 Attack Team mRr3b00t GreyNoise Florian Roth

Did any honeypot folks catch this ? cc

SECUINFRA FALCON TEAM
Danijel Grah

Danijel Grah mRr3b00t GreyNoise 👻 spooky ipv6-only networking 👻 another one

First we can see a 'show ver' command executed and then the user cisco_support was added as indicated by the POC
(horizon3.ai/cisco-ios-xe-c…)

Moxie Marlinspike Always refreshing what you come up with 😀

The gist contains the lua backdoor and other useful IOCs for hunting.

¡No te pierdas el video recopilatorio de EuskalHack Security Congress VI! youtu.be/t1l2ng8usJo /CC Andriy Brukhovetskyy 🇺🇦 Joxean Koret (@[email protected]) Secu Danijel Grah Pavel Zhovner Arnau (@[email protected]) @six2dez1 Lu𝑖s Toro ATTL4S IGOR MrSquid jomoza void m4p()

Danijel Grah Miha Pecnik Just weird.