Applocker Evasion - .NET Framework Installation Utility

This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binary InstallUtil.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

Microsoft today released its April 2019 software updates to address a total of 74 CVE-listed vulnerabilities in its Windows operating systems and other products, 13 of which are rated critical and rest are rated Important in severity. April 2019 security updates address flaws in Windows OS,...

如何针对使用HTTP的.NET Remoting finding and using deserialization vulnerability-vulnerability warning-the black bar safety net

One, overview In the NCC Group and most recent safety assessment, 我发现了一个.NET v2. 0 app, 该应用程序使用.NET Remoting by HTTP to send the SOAP request to the other server to communicate. In the application of the anti-compiled, I realized that the server has TypeFilterLevel is set to Full, this is very...

January 17, 2019—KB4480974 (Preview of Monthly Rollup)

January 17, 2019—KB4480974 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4480968 released January 8, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Ensures that...

September 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4458611)

September 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 KB 4458611 Notice This update is included in the Security and Quality Rollup that's dated October 9, 2018. This update was...

August 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4346080)

August 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4346080 Summary This article lists the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for...

November 2018 Security and Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4467240)

November 2018 Security and Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4467240 Applies to: Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framewo...

CVE-2019-0657

Summary: CVE-2019-0657 is referenced across multiple sources as the".NET Core NuGet Tampering Vulnerability". Connected items (ALT Linux package advisories) cite CVE-2019-0657 in security fixes for various dotnet-bootstrap packages (versions 2.1.9-alt1 across 3.1, 5.0, 6.0, 7.0 series). The advis...

CVE-2019-0613

CVE-2019-0613 affects Microsoft .NET Framework and Visual Studio. The vulnerability arises when the software fails to validate the source markup of a file, allowing remote code execution in the context of the current user. CVSS data from NVD indicates a network-exposed, high-severity issue (v3 ba...

CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visu...

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'...

January 2019 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4481488)

January 2019 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4481488 Applies to: Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET...

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'...

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'...

CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visu...

Remote code execution

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visu...

Spoofing

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'...

MS15-044: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 12, 2015

MS15-044: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 12, 2015 View products that this article applies to. Introduction This update resolves vulnerabilities in the Microsoft .NET Framework. These...

Reko - A General Purpose Binary Decompiler

Reko Swedish: "decent, obliging" is a C project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windo...

Security Updates for Microsoft .NET Framework (February 2019)

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a...