2023 Top Routinely Exploited Vulnerabilities | Threat SnapShot
On November 12, 2024, a joint cybersecurity advisory was released by agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom. This advisory highlights the **top routinely exploited vulnerabilities of 2023**, offering insights into persistent threats and the measures organizations can take to protect themselves.
In this video, we break down key findings from the report, including:
- Vulnerabilities exploited across multiple years, such as **CVE-2021-44228 (Log4j, "Log4Shell")** and **CVE-2020-1472 (Netlogon, "Zerologon")**, both of which still appear in current intrusions years after patches shipped.
- How **EDR solutions** play a critical role when the initial exploit is a zero-day: the exploit itself has no signature yet, but the post-exploitation behavior it triggers (spawned shells, account changes, encoded PowerShell) still does.
- Detailed detections and hunting strategies for vulnerabilities like **CVE-2023-23397 (Outlook EoP)**.
We also explore how malicious actors continue leveraging older vulnerabilities, demonstrating the importance of patching and robust detection strategies. With practical detections ranging from Sigma rules to Splunk queries, this video provides actionable insights for defenders.
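Two of the detections named in the resource list below ("Zerologon sets machine account password to Empty String" and "Shell Process Spawned by Java.EXE") are the kind of behavioral logic the video refers to. The following is an added example, not code from the video or from SnapAttack, that expresses both as plain Python over constructed log events so the matching logic can be checked offline before it is ported to Sigma or Splunk. It assumes a SIEM-style normalization of field names (EventID, SubjectUserName, TargetUserName, PasswordLastSet, Image, ParentImage) and, for the Zerologon rule, that exploitation surfaces as Windows Security Event 4742 (computer account changed) with a password change made by ANONYMOUS LOGON, because the Netlogon bypass never authenticates as a real principal; a log never shows the empty password value itself, only that the attribute changed. The sample events are constructed, not real telemetry.

```python
"""Two behavioral detections over constructed Windows events (added example)."""
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Command interpreters worth alerting on when java.exe is the parent.
# This set is an assumption for the example; tune it per environment.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "sh", "bash",
                "wscript.exe", "cscript.exe"}


def image_name(path: str) -> str:
    """Return the lowercased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_zerologon_password_reset(ev: Event) -> bool:
    """Rule A: Event 4742 where ANONYMOUS LOGON changed a machine account's password.

    4742 reports 'Password Last Set' as '-' when that attribute did not change,
    so anything else means a password reset occurred. The ANONYMOUS LOGON
    subject is the assumption described in the lead-in.
    """
    if ev.get("EventID") != "4742":
        return False
    target = ev.get("TargetUserName", "")
    subject = ev.get("SubjectUserName", "")
    password_changed = ev.get("PasswordLastSet", "-") != "-"
    return (target.endswith("$")
            and subject.upper() == "ANONYMOUS LOGON"
            and password_changed)


def is_shell_from_java(ev: Event) -> bool:
    """Rule B: process-creation event (Sysmon ID 1) where java.exe spawns a shell."""
    if ev.get("EventID") != "1":
        return False
    parent = image_name(ev.get("ParentImage", ""))
    child = image_name(ev.get("Image", ""))
    return parent == "java.exe" and child in SHELL_IMAGES


RULES = {
    "Zerologon machine account password reset": is_zerologon_password_reset,
    "Shell spawned by java.exe": is_shell_from_java,
}


def run_detections(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every event that matches a rule."""
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((i, name))
    return hits


# Constructed sample events (not real logs), normalized to XML field names.
SAMPLE_EVENTS: List[Event] = [
    # 0: anonymous subject resets DC01$ password -> Rule A should fire
    {"EventID": "4742", "SubjectUserName": "ANONYMOUS LOGON",
     "SubjectUserSid": "S-1-5-7", "TargetUserName": "DC01$",
     "PasswordLastSet": "11/12/2024 10:03:12"},
    # 1: DC01$ rotating its own password (routine 30-day rotation) -> no hit
    {"EventID": "4742", "SubjectUserName": "DC01$",
     "SubjectUserSid": "S-1-5-21-1004336348-1177238915-682003330-1000",
     "TargetUserName": "DC01$", "PasswordLastSet": "11/12/2024 10:05:00"},
    # 2: anonymous subject but the password attribute did not change -> no hit
    {"EventID": "4742", "SubjectUserName": "ANONYMOUS LOGON",
     "SubjectUserSid": "S-1-5-7", "TargetUserName": "DC01$",
     "PasswordLastSet": "-"},
    # 3: Log4j-style post-exploitation: java.exe launches cmd.exe -> Rule B
    {"EventID": "1", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Program Files\\Java\\jre\\bin\\java.exe",
     "CommandLine": "cmd.exe /c whoami"},
    # 4: java.exe spawning conhost.exe is routine console plumbing -> no hit
    {"EventID": "1", "Image": "C:\\Windows\\System32\\conhost.exe",
     "ParentImage": "C:\\Program Files\\Java\\jre\\bin\\java.exe",
     "CommandLine": "conhost.exe 0x4"},
    # 5: a user opening a prompt from Explorer -> no hit
    {"EventID": "1", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe"},
]


if __name__ == "__main__":
    for idx, rule_name in run_detections(SAMPLE_EVENTS):
        print(f"event {idx}: {rule_name}")
```

Run as a script it reports events 0 and 3 only. The benign cases are the ones that usually generate false positives when a rule is written too loosely: the domain controller rotating its own machine password (same target, different subject) and java.exe spawning conhost.exe (same parent, non-interpreter child), so both are included as negative cases.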
✅ *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*
📢 *Have questions or topics you’d like us to cover? Drop a comment below!*
👋 *Follow us:*
https://www.linkedin.com/company/snapattack/
https://twitter.com/snapattackhq
https://www.linkedin.com/in/ajkingio/
https://twitter.com/ajkingio
SnapAttack Resources:
- https://app.snapattack.com/collection/02276a42-b7bc-4680-8110-b481f50d0bb9 - Collection: 2023 Top Routinely Exploited Vulnerabilities
- https://app.snapattack.com/collection/vulnerability/CVE-2020-1472 - Collection: CVE-2020-1472
- https://app.snapattack.com/intelligence/b62b1e61-ee64-4cf8-a6a3-a40455f13be7 - Intelligence: CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
- https://app.snapattack.com/intelligence/6a9f0595-9e0e-46cb-8c24-deef44287434 - Intelligence: RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
- https://app.snapattack.com/threat/5006e1a8-e107-c1ea-39d6-d0683eb60040 - Threat: Zerologon Remote Domain Controller Privilege Escalation
- https://app.snapattack.com/detection/9281e2e3-2c13-48fe-929b-85867653e0f0 - Detection: Zerologon sets machine account password to Empty String
- https://app.snapattack.com/collection/vulnerability/CVE-2021-44228 - Collection: CVE-2021-44228
- https://app.snapattack.com/threat/4756c394-a8e5-e2d5-40cd-2dce0d9ea251 - Threat: Log4j/CVE-2021-44228 - Exploiting Tomcat Servlet with GET, POST, and User-Agent Strings
- https://app.snapattack.com/detection/fbace2b6-add3-4441-b604-61e62f934228 - Detection: Unknown Process Using The Kerberos Protocol
- https://app.snapattack.com/detection/d8e83c61-ccad-42c3-9a7f-1e7635ae4fbf - Detection: Suspicious Process By Web Server Process
- https://app.snapattack.com/detection/a4245113-064a-4b83-9fb6-5711effb7f34 - Detection: Suspicious PowerShell Encoded Command Patterns
- https://app.snapattack.com/detection/8e7db9be-153b-4348-9d35-4227b0e6f9c9 - Detection: Shell Process Spawned by Java.EXE
- https://app.snapattack.com/threat/ab87870c-443a-8c49-24d8-63aab29e6749 - Threat: Persistence via Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)
- https://app.snapattack.com/detection/ce6482ed-d747-4b13-87a1-7f4b5dbdae1a - Detection: CVE-2023-23397 via Registry
References: