AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts

AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...

A New Jupyter Malware Version is Being Distributed via MSI Installers

Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores...

September 27, 2021—KB5005619 (OS Build 20348.261) Preview

September 27, 2021—KB5005619 OS Build 20348.261 Preview Improvements and fixes This non-security update includes quality improvements. Key changes include: Addresses an issue that might prevent users from opening phone apps that are pinned to the taskbar. This issue occurs after they update to th...

PS2EXE - Module To Compile Powershell Scripts To Executables

Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end. Module version. You find the script based version here...

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. That’s according to SentinelLabs, which said that to lower the rates of detection, the infection...

September 14, 2021—KB5005568 (OS Build 17763.2183)

September 14, 2021—KB5005568 OS Build 17763.2183 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1809 update history home page...

September 14, 2021—KB5005575 (OS Build 20348.230)

September 14, 2021—KB5005575 OS Build 20348.230 Improvements and fixes This security update includes quality improvements. Key changes include: Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel. Addresses an...

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

Citrix gateway plugin executes PowerShell script obfuscated code which might be blocked by Antivirus software

We might see errors somewhat like below in AntiVirus : Event type: Process action blocked Component: Adaptive Anomaly Control Rule name: PowerShell executes obfuscated code Source process: c:\windows\system32\windowspowershell\v1.0\powershell.exe Application : "C:\Program Files\Citrix\Secure Acce...

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

SharpStrike - A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems

SharpStrike is a post-exploitation tool written in C that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with in the --show-commands command. Introduction...

Metasploit Wrap-Up

LearnPress authenticated SQL injection Metasploit contributor h00die added a new module that exploits CVE-2020-6010, an authenticated SQL injection vulnerability in the WordPress LearnPress plugin. When a user is logged in with contributor privileges or higher, the id parameter can be used to...

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and st...

PSPKIAudit - PowerShell toolkit for auditing Active Directory Certificate Services (AD CS)

PowerShell toolkit for auditing Active Directory Certificate Services AD CS. It is built on top of PKISolution's PSPKI toolkit Microsoft Public License. This repo contains a newer version of PSPKI than what's available in the PSGallery see the PSPKI directory. Vadims Podans the creator of PSPKI...

ReverseSSH - Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such

A statically-linkedssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges, CTFs or similar. Has been developed and was extensively used during OSCP exam preparation. Get the latest Release Features Catching a reverse shell with...

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

WordPress Sites Abused in Aggah Spear-Phishing Campaign

Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found. The threat group Aggah, believed to be...

Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR

Palo Alto Networks Cortex XSOAR maintains Docker Images with PowerShell available for customers to use. The base docker images with PowerShell were updated on May 19, 2021 with PowerShell version 7.1.3. Palo Alto Networks urges customers to upgrade their docker images to a version with the tag...

PowerShellArmoury - A PowerShell Armoury For Security Guys And Girls

The PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their engagements. It allows you to download and store all of your favourite PowerShell scripts in a single, encrypted file. You do not have to hassle with...