Volexity recently disclosed details related to exploitation of Ivanti Connect Secure VPN, revealing how the attacker chained two zero-day vulnerabilities to achieve remote code execution. When investigating the source of compromise, Volexity employed memory forensics, analyzing a memory sample collected from a suspected compromised VPN device, which allowed Volexity to zero in on the source of the compromise. "The lesson for analysts is to independently verify the integrity and trustworthiness of high-value targets using memory forensics, rather than only relying on tools that run on a potentially compromised device."
🔗 https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/