415 matches found
Amber - POC Reflective PE Packer
Amber is a proof-of-concept packer; it can pack regularly compiled PE files into reflective PE files that can be used as multi-stage infection payloads. If you want to learn the packing methodology used inside Amber, check out below. PS: This is not a complete tool; some things may break, so tak...
DEBIAN-CVE-2017-16869
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication...
PT-2017-14606 · Upx +1
Name of the Vulnerable Software and Affected Versions: UPX version 3.94. Description: The issue allows remote attackers to cause a denial of service, resulting in invalid memory access and application crash, or possibly have other unspecified impacts via a crafted Mach-O file. This is related to t...
[SECURITY] Fedora 25 Update: upx-3.94-1.fc25
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 26 Update: upx-3.94-1.fc26
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 27 Update: upx-3.94-1.fc27
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea
We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution...
Threat Round Up For Sept 8 - Sept 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and September 15. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
AhMyth Android RAT - Android Remote Administration Tool
AhMyth Android RAT is an Android Remote Administration Tool (beta version). It consists of two parts. Server side: desktop application based on the Electron framework (control panel). Client side: Android application (backdoor). Getting Started: From source code. Prerequisite: Electron to start the app, Java to...
Malware Analysis Windows VM: Malboxes
Malware Analysis Windows VM: Vagrant box builder and config generator for malware analysis. The malware battle online is far from being over. Several thousands of new malware binaries are collected by antivirus companies every day. Most organizations don’t have the expertise on staff to know if th...
Updated clamav packages fix security vulnerability
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable (CVE-2016-1371). ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file...
Metasploitable3 - An Intentionally Vulnerable Machine for Exploit Testing
Metasploitable3 is a VM that is built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit. Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3...
Intentionally Vulnerable Machine for Exploit Testing: Metasploitable3
Intentionally Vulnerable Machine for Exploit Testing: Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons, such as training for network exploitation, exploit development...
ClamAV < 0.99.2 Multiple Vulnerabilities
ClamAV < 0.99.2 Crafted '7z' And 'Mew Packer' Parsing DoS Vulnerabilities - Windows
ClamAV is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:clamav:clamav"...
ClamAV Denial of Service Vulnerability (CNVD-2016-08488)
ClamAV (Clam AntiVirus) is a free and open source antivirus program developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A denial of service vulnerability exists in versions of ClamAV prior to 0.99.2. A remote attacker can exploit this...
ClamAV < 0.99.2 Multiple libclamav DoS
According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.99.2. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability exists in the libclamav library when handling specially crafted mew packer executables. An...
CVE-2016-1371
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable...
DEBIAN-CVE-2016-1371
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable...