229 matches found
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...
FreeBSD : py-impacket -- multiple path traversal vulnerabilities (b692a49c-9ae7-4958-af21-cbf8f5b819ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b692a49c-9ae7-4958-af21-cbf8f5b819ea advisory. - Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker...
Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution
Remote Code Execution in Kardex MLOG. Product: Kardex Mlog MCC; Vendor: Kardex Holding AG; Tested Version: 5.7.12+0-a203c2a213-master; Fixed Version: inline patch - no new version number; Vulnerability Type: Improper Control of...
SUSE CVE-2021-31800
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...
Suborner - The Invisible Account Forger
What's this? A simple program to create a Windows account you will only know about: create invisible local accounts without net user or Windows OS user management applications (e.g. netapi32::netuseradd); works on all Windows NT machines (Windows XP to 11, Windows Server 2003 to 2022); Impersonate...
Kerberos ticket converter
This module converts tickets to the ccache format from the kirbi format and vice versa. Module Options msf use auxiliary/admin/kerberos/ticketconverter msf auxiliaryticketconverter show actions ...actions... msf auxiliaryticketconverter set ACTION msf auxiliaryticketconverter show options ...show...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Summary: Actions to Help Protect Against APT Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on...
FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "Advanced persistent threat actors used an open-source...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity...
Exploit for Path Traversal in Secureauth Impacket
Impacket
Exploit for CVE-2021-34527
PrintNightmare CVE-2021-34527 This version of the PrintNigh...
Pretender - Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily...
Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
We discovered the use of two Python penetration-testing tools, Impacket and Responder, that malicious actors used to compromise systems and exfiltrate data. We share our key findings in this report...
SAMR Computer Management
Add, lookup and delete computer / machine accounts via MS-SAMR. By default standard active directory users can add up to 10 new computers to the domain. Administrative privileges however are required to delete the created accounts. Module Options msf use auxiliary/admin/dcerpc/samrcomputer msf...
Exploit for Server-Side Request Forgery in Microsoft
proxylogon my exploit for the proxylogon chain Microsoft Exch...
Exploit for CVE-2022-26809
PoC-CVE-2022-26809 PoC for CVE-2022-26809, analysis and consi...
linWinPwn - A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks
linWinPwn is a bash script that automates a number of Active Directory enumeration and vulnerability checks. The script leverages and depends on a number of tools, including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the reposito...
Exploit for CVE-2022-26809
CVE-2021-1675 / CVE-2021-34527 Impacket implementation of the...
Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team (DART) in collaboration with the Microsoft Threat Intelligence Cent...