tags: windows, threat_intel, ITW, lpe
original link: Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
newsletter link: exploits.club Weekly Newsletter 18


Exploits Club Summary:

Microsoft Threat Intelligence released their research into a long-running campaign from the Russian threat actor Forest Blizzard. The post dives into one of their tools, referred to as “GooseEgg”, which takes advantage of a Windows Print Spooler N-day to escalate privileges on a client machine. The write-up walks through the stages of compromise before giving some IOCs and advice.