“Ready Player One” – Are you Ready to Protect Your Endpoints from the Bad Guys?

At times it can feel like a game as you watch the cyber-breach scorecards. Yahoo 3 billion users, Equifax 143 million consumers, Uber 57 million users, Imgur 1.7 million users are just a sample of the companies that have released new information on large breaches in the last few months...

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

Jenkins - XStream Groovy classpath Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins XStream Groovy classpath Deserialization Vulnerability', 'Description' = %q This module exploits CVE-2016-0792 a vulnerability in Jenkins...

CVE-2017-11935

Microsoft Office 2016 Click-to-Run C2R allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability"...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

CVE-2017-11845

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability"...

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or relying on a file on disk. In...

The vulnerability of the Microsoft PowerPoint presentation preparation program, the Microsoft SharePoint Server corporate application package, and the Office Online Server web server is related to incorrect handling of objects in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft PowerPoint presentation preparation program, the Microsoft SharePoint Server corporate application package, and the Office Online Server web server is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow a malicious actor t...

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Escalate UAC Protection Bypass In Memory Injection abusing WinSXS', 'Description' = %q This module will...

Microsoft Office Outlook Security Bypass Vulnerability

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A security bypass vulnerability exists in the implementation of Microsoft Outlook when it does not properly handle in-memory objects, where an attacker could execute arbitrary commands via...

Microsoft Office Web Apps Server 2013 Service Pack 1 RCE Vulnerability (KB4011231)

This host is missing an important security update according to Microsoft KB4011231 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11793)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

CVE-2016-3104

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service memory consumption and process termination by leveraging in-memory database representation when authenticating against a non-existent database...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

Apache Struts 2 REST Plugin XStream Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 REST Plugin XStream RCE', 'Description' = %q Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a...

Koadic C3 COM Command & Control – JScript RAT

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Microsoft Office Outlook Information Disclosure Vulnerability

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. Microsoft Office Outlook has a security vulnerability in the way in-memory content is disclosed, which allows remote attackers to exploit the vulnerability by submitting a special request ...

Microsoft Edge Remote Code Execution Vulnerability (CNVD-2017-14639)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly handle in-memory objects and has a remote code execution vulnerability in its implementation that could lead an attacker to execute arbitrary code in the current user context...

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...