[Referências do Episódio] Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways - https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation - https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation HTTP/2 CONTINUATION frames can be utilized for DoS attacks - https://kb.cert.org/vuls/id/421644 Latrodectus: This Spider Bytes Like Ice - https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice Google fixes one more Chrome zero-day exploited at Pwn2Own - https://www.bleepingcomputer.com/news/security/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own/ Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies - https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia