In early September 2023, APT29, a group affiliated with Russia’s SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
Author: Matei Josephs
I am a Senior Penetration Tester who likes to challenge the status quo and keep learning.
Passing Your OSCP In 2023 (or 2024)
I am aware that the internet is full of videos, blog and forum posts, GitHub pages (and the list goes on) about the OffSec Certified
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
DLL Hijacking – Finding CVE-2023-36546 in PEStudio 9.52
How to discover your first CVEs with DLL Hijacking