1. Threat Overview
Attackers exploited a zero-day vulnerability in KnowledgeDeliver, a web application: hardcoded machineKey values in a configuration file let them carry out ViewState deserialization attacks, which resulted in remote code execution. The vulnerability affects web applications using KnowledgeDeliver, and the attack vector is deserialization.
2. Key Intelligence Points
1. Affected software: KnowledgeDeliver web application; attack class: ViewState deserialization; CVE not specified
2. Root cause: hardcoded machineKey values in a configuration file; affected versions unknown; exploitability high
3. Attack chain: configuration file access, then ViewState deserialization, then remote code execution
4. Detection opportunity: unusual network traffic, suspicious configuration file modifications
3. MITRE ATT&CK Techniques
T1210 - Exploitation of Remote Services
4. Mitigation & Detection
1. Apply patches or updates for KnowledgeDeliver
2. Restrict access to configuration files that contain machineKey values
3. Monitor for ViewState deserialization attacks
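One concrete way to act on the configuration-file items above is to audit web.config for static machineKey values. The check below is added here and is not part of the original advisory; the two web.config fragments and the key strings in them are constructed placeholders, not values from KnowledgeDeliver.

```python
"""Flag hardcoded ASP.NET machineKey values in a web.config."""
import xml.etree.ElementTree as ET

# Constructed web.config fragment with static keys. The key material is a
# dummy placeholder, not a real key and not taken from the advisory.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed hardened fragment: ASP.NET generates per-machine keys at runtime.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>
"""


def find_hardcoded_machine_keys(config_xml: str) -> list:
    """Return one finding per static key attribute; an empty list means clean.

    ASP.NET treats a value starting with "AutoGenerate" as a generated key.
    Any other literal is a static key: once it leaks, anyone holding it can
    produce ViewState that the server will accept and deserialize."""
    findings = []
    root = ET.fromstring(config_xml)
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr)
            if value is None:
                continue  # absent attribute falls back to AutoGenerate
            if not value.startswith("AutoGenerate"):
                findings.append(f"{attr} is hardcoded ({len(value)} chars)")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_WEB_CONFIG), ("hardened", HARDENED_WEB_CONFIG)):
        print(name, find_hardcoded_machine_keys(cfg) or ["no static machineKey found"])
```

Web farms need identical keys on every node and so cannot use AutoGenerate; there the findings are a prompt to rotate the keys and keep the file out of reach rather than to remove them.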