How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities

In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how malware and modifications to the built-in Integrity Checker Tool were used to evade detection. A critical piece of Volexity’s initial investigation involved collecting and analyzing a memory sample. As noted in the first blog post of the three-part series (emphasis …

blog blog posts connect exploitation forensics integrity ivanti ivanti connect secure ivanti connect secure vpn malware memory memory forensics modifications posts secure vpn series tool update volexity vpn vulnerabilities zero-day zero-day vulnerabilities