Amazon Linux AMI : git (ALAS-2022-1589)
The version of git installed on the remote host is prior to 2.36.1-1.75. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1589 advisory. A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system...
Microsoft Office Word MSDTJS
This module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code. Module Options: msf > use exploit/windows/fileformat/word_msdtjs_rce msf exploit(word_msdtjs_rce) > show...
Microsoft Office Word MSDTJS Code Execution Exploit
This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code. This module requires Metasploit: https://metasploit.com/download Current source:...
Microsoft Office Word MSDTJS Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office Word MSDTJS', 'Description' = %q This module generates a malicious Microsoft Word document that when loaded, will leverage the...
State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw...
AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics
Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...
Exploit for CVE-2022-30190
CVE-2022-30190
Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments
This python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group...
Trellix Global Defenders: Follina — Microsoft Office Zero-Day (CVE-2022-30190)
Trellix Global Defenders: Follina — Microsoft Office Zero-Day CVE-2022-30190 By Taylor Mullins, Robin Noyce, Benjamin Marandel · June 3, 2022 Trellix is continuing to monitor the threat activity associated with the Microsoft Office Zero-Day vulnerability that has been dubbed “Follina.”...
Exploit for CVE-2022-30190
CVE-2022-30190 This Repository Talks about the Follina MSDT fr...
Exploit for CVE-2022-30190
PoC exploit for CVE-2022-30190, a vulnerability in Microsoft Off...
Exploit for CVE-2022-30190
MS-MSDT Follina CVE-2022-30190 PoC Malicious docx generator t...
PowerGram - Multiplatform Telegram Bot In Pure PowerShell
PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use of it, you only need PowerShell 4 or higher and an internet connection. All communication between the Bot and Telegram servers is encrypted with HTTPS, but all requests will be sent in GET method,...
GSD-2022-30190
From the original tweet: Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. From Microsoft: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. This issue has been nicknamed "Follina".
Exploit for CVE-2022-30190
MSDTCVE-2022-30190 This Repository Talks about the Follina MS...
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...
Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation
Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS...
Exploit for CVE-2022-30190
POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina...
Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
UPDATE A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in a remote Word template feature. The warning comes from Japanese security vendor Nao Sec, which tweeted a warning about the zero day over the weekend. It’s unclear if the...