In December 2023 and April 2024, Volexity detected zero-day vulnerabilities being exploited in the wild against different edge devices, namely Ivanti Connect Secure (CVE-2023-46805, CVE-2024-21887) and Palo Alto GlobalProtect (CVE-2024-3400) firewalls. Through its Network Security Monitoring (NSM) service, Volexity detected the attackers' lateral movement in customer networks, and through high-paced investigations identified the root cause of each intrusion.
This talk will cover the following:
- Demonstrate the value of properly implemented NSM and YARA-rule based detections.
- Show the use of memory forensics to aid in root-cause analysis and zero-day discovery.
- Provide an inside track on the investigations that led to the discovery of each vulnerability.
The talk will conclude with the lessons learned from these incident investigations and how organizations can reduce their attack surface and enhance their network visibility.