Hack/Defend Fortinet FortiOS and FortiProxy
Ongoing nation state attacks on Fortinet have revealed a series of CVEs (zero days), some of which are being exploited in the wild.
Fortinet is a network security company and, consequently, a target for nation state attacks. Its software and products, most recently FortiOS and previously FortiGate, have been attacked with targeted malware, including a remote access trojan called Coathanger.
I will do a quick write-up for both blue team and red team. I start with blue team, which red teamers, security researchers and hackers should read as well, because the information there will reinforce your research and attempts.
Blue Team / Defend
For defending your Fortinet products such as FortiOS and FortiGate, first and foremost upgrade FortiOS and FortiProxy (both of which use sslvpnd, the SSL VPN daemon vulnerable to an out-of-bounds write [CWE-787], designated CVE-2024-21762 and tracked internally at Fortinet as FG-IR-24-015).
Secondly, check out this blue team tool, which checks for IOCs (indicators of compromise) of the Coathanger malware, a RAT (remote access trojan). The most advanced blue team tool is open source, from the Dutch cyber military, and…
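To make the "upgrade first" step checkable across a fleet, here is an added Python triage helper (example code, not from this post and not from Fortinet) that parses the version line of FortiOS/FortiProxy `get system status` output and compares it, per release branch, against a fixed-version table. The post does not list the fixed builds, so the table below holds labelled placeholders that fail closed; fill it in from the Fortinet PSIRT advisory FG-IR-24-015 before use. The status line format and the sample output are assumptions constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# PLACEHOLDER table: the post does not list fixed builds, so every branch
# is set to patch level 999, which makes is_patched() report every real
# build on that branch as unpatched (fail closed). Replace each entry with
# the "fixed in" versions from Fortinet PSIRT advisory FG-IR-24-015.
FIXED_VERSIONS: Dict[str, Dict[str, Version]] = {
    "FortiOS": {
        "7.4": (7, 4, 999),  # PLACEHOLDER
        "7.2": (7, 2, 999),  # PLACEHOLDER
        "7.0": (7, 0, 999),  # PLACEHOLDER
        "6.4": (6, 4, 999),  # PLACEHOLDER
    },
    "FortiProxy": {
        "7.4": (7, 4, 999),  # PLACEHOLDER
        "7.2": (7, 2, 999),  # PLACEHOLDER
        "7.0": (7, 0, 999),  # PLACEHOLDER
    },
}

# Assumed shape of the "Version:" line printed by `get system status`,
# e.g. "Version: FortiGate-100F v7.0.12,build0523,230425 (GA.F)".
_VERSION_RE = re.compile(r"^Version:\s+(\S+)\s+v(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_status(status_text: str) -> Optional[Tuple[str, Version]]:
    """Return (model, (major, minor, patch)) from status output, or None."""
    m = _VERSION_RE.search(status_text)
    if not m:
        return None
    model = m.group(1)
    return model, (int(m.group(2)), int(m.group(3)), int(m.group(4)))


def is_patched(product: str, version: Version,
               table: Dict[str, Dict[str, Version]] = FIXED_VERSIONS) -> bool:
    """True only if version is at or above the fixed build for its branch.

    Unknown products or branches return False: a branch missing from the
    table is either unsupported or not yet entered, and both cases should
    be flagged rather than silently passed.
    """
    branch = f"{version[0]}.{version[1]}"
    fixed = table.get(product, {}).get(branch)
    if fixed is None:
        return False
    return version >= fixed


def triage(product: str, status_text: str,
           table: Dict[str, Dict[str, Version]] = FIXED_VERSIONS) -> str:
    """Classify a device as 'patched', 'vulnerable' or 'unknown-version'."""
    parsed = parse_status(status_text)
    if parsed is None:
        return "unknown-version"
    _, version = parsed
    return "patched" if is_patched(product, version, table) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample output; not captured from a real device.
    SAMPLE = ("Version: FortiGate-100F v7.0.12,build0523,230425 (GA.F)\n"
              "Serial-Number: FGT-PLACEHOLDER\n")
    print(parse_status(SAMPLE), triage("FortiOS", SAMPLE))
```

Run it against the saved output of `get system status` from each device; anything reported as `vulnerable` or `unknown-version` goes to the top of the upgrade list. The fail-closed defaults (placeholder patch level 999, unknown branch returns False) are deliberate: a triage script that quietly marks an unlisted branch as safe is worse than one that over-reports.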