Clear and Present Haag-er: ZDI-CAN-25373 #3417

Merged
merged 7 commits into develop from ZDI-CAN-25373 on Apr 1, 2025

Conversation

MHaggis
Contributor

@MHaggis MHaggis commented Mar 24, 2025

Adds new detections and story for ZDI-CAN-25373 Windows shortcut zero-day vulnerability:

  • Windows SSH ProxyCommand abuse detection
  • Windows Explorer LNK exploit with padding detection
  • Windows Explorer spawning PowerShell/CMD detection
  • Analytic story covering APT campaigns exploiting this vulnerability

Thank you to AJ and Jesse Hunter (Community) for the assist!
@MHaggis MHaggis changed the title Clear and Present Haag-er Clear and Present Haag-er: ZDI-CAN-25373 Mar 24, 2025
Added Jesse Hunter
@patel-bhavin patel-bhavin added this to the v5.3.0 milestone Mar 25, 2025
@patel-bhavin
Contributor

Updates look good! 🚢

@patel-bhavin patel-bhavin merged commit 041054c into develop Apr 1, 2025
4 checks passed
@patel-bhavin patel-bhavin deleted the ZDI-CAN-25373 branch April 1, 2025 21:43