74 matches found
Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording,...
Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework
About Nimbo-C2 is yet another simple and lightweight C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows by dynamically loading the CLR to the process. Nim is powerful, but interacting with Windows is much easier and robust using...
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature ...
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data
A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...
Exploit for CVE-2022-30190
CVE-2022-30190 Follina !build.yml https://github.com/win...
Exploit for CVE-2022-30190
CVE-2022-30190 !N|Solid https://socprime.com/wp-content/up...
Trellix Global Defenders: Follina — Microsoft Office Zero-Day (CVE-2022-30190)
Trellix Global Defenders: Follina — Microsoft Office Zero-Day CVE-2022-30190 By Taylor Mullins, Robin Noyce, Benjamin Marandel · June 3, 2022 Trellix is continuing to monitor the threat activity associated with the Microsoft Office Zero-Day vulnerability that has been dubbed “Follina.”...
Exploit for CVE-2022-30190
CVE-2022-30190 This Repository Talks about the Follina MSDT fr...
Exploit for CVE-2022-30190
MSDT CVE-2022-30190 This Repository Talks about the Follina MS...
App Layering - (400) Bad Request with ImportOsLayer.ps1
ImportOsLayer.ps1 script PS C:\windows\Setup\Scripts .\ImportOsLayer.ps1 -ElmAddress -IgnoreCertError ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Script 0.0 DynamicModule1cbe0359-cdf4-45... New-CALOperatingSystem, New-CALSession Failed to call API at and Meth...
What is fileless malware?
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive...
PT-2021-19540 · Mcafee · Mvision Edr
Name of the Vulnerable Software and Affected Versions: MVISION EDR versions prior to 3.4.0 Description: A command injection issue allows an authenticated administrator to execute arbitrary commands through PowerShell using the 'execute reaction' functionality. Recommendations: For versions prior ...
Smart Scale to Autoscale Migration
Table of Contents Manual Migration --- Automated Migration Prerequisites Migrate Good to know Important: This article is applicable only if you have the Sites section in Smart Scale. Sites that use the Virtual Apps and Desktops service appear as “Cloudxdsite” by default. To view Sites, go to Citr...
CVE-2020-0951
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...
Security feature bypass
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...
Description of the security update for SharePoint Server 2019: August 11, 2020
Description of the security update for SharePoint Server 2019: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
Variant of Paradise Ransomware Targets Office IQY Files
A new variant of the Paradise ransomware attacks rarely-targeted Microsoft Office Excel IQY files, providing a new and relatively unobtrusive way to infiltrate and hijack an organization’s network, researchers have found. Lastline Labs’ James Haughom discovered the variant in December in a spam...
How to Migrate Backup Data Between Repositories for Veeam Backup for Microsoft 365
Purpose This article provides information regarding migrating backup data between JET-based backup repositories and from a JET-based backup repository to a non-immutable object storage repository when using Veeam Backup for Microsoft 365. This article documents how to migrate backup data between...
Hunting COM Objects
COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson (enigma0x3), who published a blog post about it in 2017. Some of these COM objects were...