{"id":12327,"date":"2021-01-11T00:33:01","date_gmt":"2021-01-11T00:33:01","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=12327"},"modified":"2021-01-11T00:33:01","modified_gmt":"2021-01-11T00:33:01","slug":"unauthorized-access-of-fireeye-red-team-tools-protection-solution","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/","title":{"rendered":"Unauthorized Access of FireEye Red Team Tools Protection Solution"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated organization and that FireEye Red Team tools were stolen.<\/p>\n\n\n\n<p>According to FireEye, the stolen Red Team tools were mainly used to provide its customers with basic penetration testing services and <strong>did not contain zero-day exploits or unknown techniques<\/strong>. The tools involved include open-source tools, secondary development versions of open-source tools, and some independently developed weaponized tools. In terms of usage, the tools basically cover the various stages of the life cycle of attacks, such as persistence, privilege escalation, defense bypass, credential acquisition, information collection within the domain, and lateral movement. Some of these tools have already been released to the community and are already distributed in our open-source virtual machine, CommandoVM.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>The stolen Red Team tools are like a time bomb. Whether the attacker uses them himself or publicly discloses them, the tools will become a major threat. Therefore, in order to enable organizations to take measures in advance, FireEye has issued countermeasures. NSFOCUS immediately analyzed the countermeasures disclosed by FireEye. 
<strong>NSFOCUS can now provide detection and protection capabilities against the stolen tools and the vulnerabilities involved.<\/strong><\/p>\n\n\n\n<p>Reference link:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/unauthorized-access-of-fireeye-red-team-tools.html\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Technical Solutions<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">FireEye&#8217;s Countermeasures<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Rules for Detecting the Stolen Tools<\/strong><\/li><\/ul>\n\n\n\n<p>To help organizations identify malicious use of the stolen tools, FireEye has published detection rules for them on GitHub. The current 311 detection rules include 165 in Yara, 34 in Snort, 88 in IOC, and 24 in ClamAV. The GitHub repository will continue to be updated. Please refer to the following link: <strong>https:\/\/github.com\/fireeye\/red_team_tool_countermeasures<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Vulnerabilities Involved in the Stolen Tools<\/strong><\/li><\/ul>\n\n\n\n<p>The GitHub repository published by FireEye has also disclosed 16 known vulnerabilities related to the stolen tools, which affect operating systems as well as applications and network equipment commonly used by enterprises.
Fixing these vulnerabilities can effectively prevent the Red Team tools from working.<\/p>\n\n\n\n<p>The vulnerabilities are listed in the following table:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>CVE ID<\/strong><\/td><td><strong>Vulnerability<\/strong><\/td><\/tr><tr><td><strong>CVE-2014-1812<\/strong><\/td><td>Windows local privilege escalation<\/td><\/tr><tr><td><strong>CVE-2016-0167<\/strong><\/td><td>Local privilege escalation on older versions of Microsoft Windows<\/td><\/tr><tr><td><strong>CVE-2017-11774<\/strong><\/td><td>RCE in Microsoft Outlook via crafted document execution (phishing)<\/td><\/tr><tr><td><strong>CVE-2018-13379<\/strong><\/td><td>Pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN<\/td><\/tr><tr><td><strong>CVE-2018-15961<\/strong><\/td><td>RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell)<\/td><\/tr><tr><td><strong>CVE-2018-8581<\/strong><\/td><td>Microsoft Exchange Server privilege escalation<\/td><\/tr><tr><td><strong>CVE-2019-0604<\/strong><\/td><td>Microsoft Sharepoint RCE<\/td><\/tr><tr><td><strong>CVE-2019-0708<\/strong><\/td><td>RCE of Windows Remote Desktop Services (RDS)<\/td><\/tr><tr><td><strong>CVE-2019-11510<\/strong><\/td><td>Pre-auth arbitrary file reading from Pulse Secure SSL VPNs<\/td><\/tr><tr><td><strong>CVE-2019-11580<\/strong><\/td><td>Atlassian Crowd RCE<\/td><\/tr><tr><td><strong>CVE-2019-19781<\/strong><\/td><td>RCE of Citrix Application Delivery Controller and Citrix Gateway<\/td><\/tr><tr><td><strong>CVE-2019-3398<\/strong><\/td><td>Confluence authenticated RCE<\/td><\/tr><tr><td><strong>CVE-2019-8394<\/strong><\/td><td>Arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus<\/td><\/tr><tr><td><strong>CVE-2020-0688<\/strong><\/td><td>Microsoft Exchange RCE<\/td><\/tr><tr><td><strong>CVE-2020-10189<\/strong><\/td><td>ZoHo ManageEngine Desktop Central RCE<\/td><\/tr><tr><td><strong>CVE-2020-1472<\/strong><\/td><td>Microsoft Active Directory privilege escalation<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/github.com\/fireeye\/red_team_tool_countermeasures\/blob\/master\/CVEs_red_team_tools.md\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Workaround<\/h3>\n\n\n\n<p>System administrators should check, based on their own assets, whether their business systems are affected by the 16 vulnerabilities involved in the Red Team tools, and install the corresponding patches promptly.<\/p>\n\n\n\n<p>FireEye also released multiple detection rules for detecting the leaked Red Team tools. Administrators can use the rules in Yara, Snort or ClamAV provided by FireEye for detection and protection according to their own conditions.
For specific operations, please refer to the official guidance documents at the following links:<\/p>\n\n\n\n<p>YARA: <a href=\"https:\/\/yara.readthedocs.io\/en\/stable\/yarapython.html\">https:\/\/yara.readthedocs.io\/en\/stable\/yarapython.html<\/a><\/p>\n\n\n\n<p>SNORT: <a href=\"https:\/\/snort.org\/documents\">https:\/\/snort.org\/documents<\/a><\/p>\n\n\n\n<p>ClamAV: <a href=\"http:\/\/www.clamav.net\/documents\/clam-antivirus-user-manual\">http:\/\/www.clamav.net\/documents\/clam-antivirus-user-manual<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">NSFOCUS&#8217;s Recommendations<\/h3>\n\n\n\n<p>Based on existing information, NSFOCUS has taken emergency measures against the leaked Red Team tools.<\/p>\n\n\n\n<p>As FireEye updates its rules, NSFOCUS will continue to follow up and provide detection and protection capabilities. Users are advised to stay tuned.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Detection and Protection for the Stolen Red Team Tools<\/strong><\/li><\/ul>\n\n\n\n<p>To respond to potential malicious attacks launched with the leaked tools, NSFOCUS has updated the <strong>NSFOCUS Threat Analysis Center (TAC)<\/strong> based on the rule information disclosed by FireEye to provide users with detection and protection capabilities.<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listTacDetail\/v\/ruleV2.0.2\n<\/div><\/figure>\n\n\n\n<p>In addition, <strong>NSFOCUS Threat Intelligence (NTI)<\/strong> now includes and supports the IOCs of the leaked tools.<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/nti.nsfocus.com\/\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Detection and Protection for Vulnerabilities Related to the Stolen Red Team Tools<\/strong><\/li><\/ul>\n\n\n\n<p>Based on the list of vulnerabilities related to the stolen tools officially released by FireEye, NSFOCUS has
confirmed that its products can detect and protect against all 16 vulnerabilities involved. It is recommended that users who have deployed the following devices upgrade to the latest version as soon as possible.<\/p>\n\n\n\n<p>Detection products: NSFOCUS Remote Security Assessment System (RSAS V6), NSFOCUS Intrusion Detection System (NIDS), and NSFOCUS Unified Threat Sensor (UTS)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Remote Security Assessment System (RSAS V6)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listRsas\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Intrusion Detection System (NIDS)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listIds\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Unified Threat Sensor (UTS)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/bsaUtsIndex\n<\/div><\/figure>\n\n\n\n<p>Protection products: NSFOCUS Intrusion Protection System (NIPS) and NSFOCUS Web Application Firewall (WAF)<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Intrusion Protection System (NIPS)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/listIps\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Web Application Firewall (WAF)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/wafIndex\n<\/div><\/figure>\n\n\n\n<p>Platform products:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Threat Analysis and Management Platform (TAM)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div
class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.nsfocus.com.cn\/html\/2019\/210_1009\/63.html\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Enterprise Security Platform (ESP-H)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.nsfocus.com.cn\/html\/2019\/209_1230\/96.html\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>NSFOCUS Intelligent Security Operation Platform (ISOP)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttp:\/\/update.nsfocus.com\/update\/isopIndex\n<\/div><\/figure>\n\n\n\n<p>For details of detection and protection upgrade packages of the above products against each vulnerability, see &#8220;Appendix A: Details of Related Vulnerability Detection and Protection&#8221;.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Implication<\/h2>\n\n\n\n<p>The case of unauthorized access of FireEye Red Team tools readily recalls the multiple exposures of the &#8220;Formula Organization&#8221; Arsenal in the past few years. The latter also caused an uproar in the field of cybersecurity. Since then, the impact and harm caused by the leakage and spread of network arsenals have been truly exposed around the world. After all, a considerable number of people have experienced the fear of being dominated by WannaCry.<\/p>\n\n\n\n<p>Once spread, the Red Team tools will greatly facilitate potential attackers and severely disrupt the balance between attackers and defenders. Therefore, holders of similar tools should be more careful in the following aspects:<\/p>\n\n\n\n<p><strong>1. Properly store and preserve tools<\/strong><\/p>\n\n\n\n<p>In addition to physical storage security, tools can also be encrypted with strong encryption methods such as PGP. In this way, even if the tools are leaked, they cannot be decrypted and used, which can effectively reduce the harm caused by a leak.<\/p>\n\n\n\n<p><strong>2.
Strengthen management<\/strong><\/p>\n\n\n\n<p>Strictly manage the access control of these tools, and restrict the access personnel by setting the authority level. At the same time, query access records at any time via logs to find abnormal access and operations.<\/p>\n\n\n\n<p><strong>3. Standardize personnel operations<\/strong><\/p>\n\n\n\n<p>After setting the software-level storage and management specifications, it is necessary to strengthen personnel training to avoid non-compliant and improper operations, which may lead to the leakage of similar sensitive tools.<\/p>\n\n\n\n<p>This leakage incident once again alarms security vendors. Everyone should pay more attention to the role of similar &#8220;Arsenal&#8221; in the games of offense and defense, strengthen relevant internal management, improve response and processing capabilities, and avoid such incidents and reduce the aftermath.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Appendix A: Details of Related Vulnerability Detection and Protection<\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>CVE ID<\/strong><strong><\/strong><\/td><td><strong>NSFOCUS Product Rules<\/strong><strong><\/strong><\/td><td><strong>Upgrade Package Version<\/strong><strong><\/strong><\/td><\/tr><tr><td><strong>CVE-2014-1812<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2012<\/td><\/tr><tr><td><strong>CVE-2016-0167<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td><strong>CVE-2017-11774<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.20655<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.20655<\/td><\/tr><tr><td><strong>CVE-2018-13379<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1812<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004981 
fortios_lang_ptravel<\/td><\/tr><tr><td><strong>CVE-2018-15961<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td>WAF<\/td><td>&#8220;Illegal file upload protection&#8221; policy<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td><strong>CVE-2018-8581<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.21152<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004964 exchange_privilege_elevation<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td><strong>CVE-2019-0604<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.23040<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23040<\/td><\/tr><tr><td><strong>CVE-2019-0708<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1411<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.20383<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td><strong>CVE-2019-11510<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1812<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.21238<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004979 pulse_abfile_read<\/td><\/tr><tr><td><strong>CVE-2019-11580<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1505<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td>WAF<\/td><td>&#8220;Illegal file upload protection&#8221; policy<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td><strong>CVE-2019-19781<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1812<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.22558<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004971 
citrix_gateway_ptravel<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td><strong>CVE-2019-3398<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004887 confluence_upload_path_travel<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.24166<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.19741<\/td><\/tr><tr><td>WAF<\/td><td>&#8220;Illegal file upload protection&#8221; policy<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.19741<\/td><\/tr><tr><td><strong>CVE-2020-0688<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.22068<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004936 exchange_deserialization_rce<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td><strong>CVE-2020-10189<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.2011<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.22284<\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.0.46716\/6.0.7.1.46716<br>Rule ID27004940 zoho_central_deserialization<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td><strong>CVE-2020-1472<\/strong><strong><\/strong><\/td><td>RSAS<\/td><td>System plug-in V6.0R02F01.1917<\/td><\/tr><tr><td>IPS<\/td><td>5.6.10.23542<\/td><\/tr><tr><td>UTS<\/td><td>5.6.10.23542<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Appendix B: Product Use Guides<\/strong><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Protection Configuration on NIPS<\/li><\/ul>\n\n\n\n<p>On NIPS, under <strong>System &gt; System Update &gt; Offline Update<\/strong>, browse to the update file just downloaded and click <strong>Upload<\/strong>.<\/p>\n\n\n\n<p>After the update is installed, find the rule by ID in the default rule base and view rule details.<\/p>\n\n\n\n<p><strong>Note: After the update is installed, the engine 
automatically restarts to make it take effect, which does not disconnect any sessions, but may cause the loss of three to five packets during ping operations. Therefore, it is recommended that the update be installed at an appropriate time.<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Protection Configuration on WAF<\/li><\/ul>\n\n\n\n<p>On WAF, choose <strong>System Management &gt; System Tools &gt; Rule Upgrade<\/strong>.<\/p>\n\n\n\n<p>Under Manual Upgrade, browse to the upgrade package and click Submit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About NSFOCUS<\/h2>\n\n\n\n<p>NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n<p>NSFOCUS works with Fortune Global 500 companies, including four of the world&#8217;s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. 
NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).<\/p>\n\n\n\n<p>A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated organization and that FireEye Red Team tools were stolen. According to FireEye, the stolen Red Team tools were mainly used to provide its customers with basic penetration testing services and did not contain [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12329,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[6],"tags":[410],"class_list":["post-12327","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emergency-response","tag-fireeye"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS\" \/>\n<meta 
property=\"og:description\" content=\"Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-11T00:33:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Unauthorized Access of FireEye Red Team Tools Protection Solution\",\"datePublished\":\"2021-01-11T00:33:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/\"},\"wordCount\":1781,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/FireEye.jpg\",\"keywords\":[\"FireEye\"],\"articleSection\":[\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/\",\"name\":\"Unauthorized Access of FireEye Red Team Tools Protection Solution - 
NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/FireEye.jpg\",\"datePublished\":\"2021-01-11T00:33:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/FireEye.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/FireEye.jpg\",\"width\":570,\"height\":269,\"caption\":\"FireEye logo with stylized red emblem.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Unauthorized Access of FireEye Red Team Tools Protection Solution\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and 
Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/","og_locale":"pt_BR","og_type":"article","og_title":"Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS","og_description":"Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated","og_url":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/","og_site_name":"NSFOCUS","article_published_time":"2021-01-11T00:33:01+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"Unauthorized Access of FireEye Red Team Tools Protection Solution - NSFOCUS","twitter_description":"Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","twitter_misc":{"Escrito por":"NSFOCUS","Est. 
tempo de leitura":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Unauthorized Access of FireEye Red Team Tools Protection Solution","datePublished":"2021-01-11T00:33:01+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/"},"wordCount":1781,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","keywords":["FireEye"],"articleSection":["Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/","url":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/","name":"Unauthorized Access of FireEye Red Team Tools Protection Solution - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","datePublished":"2021-01-11T00:33:01+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2020\/12\/FireEye.jpg","width":570,"height":269,"caption":"FireEye logo with stylized red emblem."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/unauthorized-access-of-fireeye-red-team-tools-protection-solution\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Unauthorized Access of FireEye Red Team Tools Protection Solution"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/12327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href"
:"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=12327"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/12327\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/12329"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=12327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=12327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=12327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}