Applocker Evasion - .NET Framework Installation Utility
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binary InstallUtil.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...
August 30, 2018—KB4343893 (OS Build 16299.637)
August 30, 2018—KB4343893 OS Build 16299.637 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications t...
April 23, 2018—KB4093105 (OS Build 16299.402)
April 23, 2018—KB4093105 OS Build 16299.402 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes modern applications to reappear after upgrading the OS version ev...
December 13, 2016 — KB3205386 (OS Build 10586.713)
December 13, 2016 — KB3205386 OS Build 10586.713 Improvements and fixes This security update includes these additional improvements and fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer. Addressed issue with...
January 17, 2018—KB4057401 (Preview of Monthly Rollup)
January 17, 2018—KB4057401 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4056895 released January 8, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...
August 15, 2017—KB4034659 (Preview of Monthly Rollup)
August 15, 2017—KB4034659 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4034665 released August 8, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addressed an...
Despite Ringleader’s Arrest, Cobalt Group Still Active
Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group first burst onto the scene in 2016: in a single night,...
AppLocker Bypass – CMSTP
CMSTP is a binary associated with the Microsoft Connection Manager Profile Installer. It accepts INF files, which can be weaponised with malicious commands in order to execute arbitrary code in the form of scriptlets (SCT) and DLLs. It is a trusted Microsoft binary which is located in the...
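Both the InstallUtil.exe hit above and this CMSTP hit rely on the same precondition: a Microsoft-signed binary that the effective AppLocker policy still lets a standard user run. The following PowerShell check is an added example, not code from either article or from Microsoft; it asks the effective policy on the local host what it would decide for those binaries. The file paths are the default install locations and are assumed (the InstallUtil path depends on the installed .NET Framework version), and `Everyone` is used as the test principal.

```powershell
# Added example (not from the search hits above): ask the effective AppLocker
# policy whether the signed binaries named in those hits are still runnable.
# Requires the AppLocker cmdlets (Windows 7 / Server 2008 R2 and later).

# Default install locations; assumed, adjust for other .NET Framework versions.
$candidates = @(
    "$env:windir\System32\cmstp.exe",
    "$env:windir\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe",
    "$env:windir\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
) | Where-Object { Test-Path -Path $_ }

# The effective policy merges local and domain AppLocker rules on this host.
$policy = Get-AppLockerPolicy -Effective

# Test-AppLockerPolicy returns one object per file with FilePath,
# PolicyDecision (Allowed, Denied, AllowedByDefault, DeniedByDefault)
# and MatchingRule (the rule name, empty when nothing matched).
$results = Test-AppLockerPolicy -PolicyObject $policy -Path $candidates -User Everyone

foreach ($r in $results) {
    if ($r.PolicyDecision -like 'Allowed*') {
        # A standard user could still launch this LOLBin under the current rules.
        Write-Warning ("{0} is {1} (rule: '{2}')" -f $r.FilePath, $r.PolicyDecision, $r.MatchingRule)
    } else {
        Write-Output ("{0} is {1}" -f $r.FilePath, $r.PolicyDecision)
    }
}
```

On a host with no AppLocker rules at all the decision column is not meaningful, because nothing is enforced; the check is useful only where executable rules are already in enforce mode. Note that it evaluates the policy's file rules, not whether the binary is actually reachable from the user's session, so treat an Allowed result as a prompt to add a deny or path exception for the binary rather than as proof of exploitability.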
April 17, 2018—KB4093117 (OS Build 15063.1058)
April 17, 2018—KB4093117 OS Build 15063.1058 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running ...
PowerShell Runspace Post Exploitation Toolkit: p0wnedShell
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post...
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
Introduction From January 2018 to March 2018, through FireEye’s Dynamic Threat Intelligence, we observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. We attribute this activity t...
A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017
Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making...
AppLocker Occasionally Blocking Layered Software
A customer reports that Office sometimes fails to run because it is being blocked by AppLocker...
October 10, 2017—KB4041676 (OS Build 15063.674)
October 10, 2017—KB4041676 OS Build 15063.674 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where some UWP and Centennial apps show a gray icon and display the error...
August 16, 2017—KB4034661 (OS Build 14393.1613)
August 16, 2017—KB4034661 OS Build 14393.1613 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This package contains d3dcompiler47.dll; for more information, read the blog post, HLSL, FXC, a...
August 8, 2017—KB4034674 (OS Build 15063.540)
August 8, 2017—KB4034674 OS Build 15063.540 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where the policies provisioned using Mobile Device Management (MDM) should take...
August 8, 2017—KB4034660 (OS Build 10586.1045)
August 8, 2017—KB4034660 OS Build 10586.1045 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where, when deploying an application to a device that is managed by AppLocker,...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for...