Security feature bypass

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

VMware Carbon Black First to Block Hidden Malicious Commands in Obfuscated Scripts

For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially from Microsoft PowerShell and Windows Management Interface script commands, and their ability to escape notice in many antivirus solutions. Increasingly, these types of attacks have become...

Windows Defender Application Control Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. To exploit the...

PT-2020-3927 · Microsoft +1 · Windows Defender Application Control +3

Name of the Vulnerable Software and Affected Versions: Windows Defender Application Control WDAC affected versions not specified Description: A security feature bypass issue exists in Windows Defender Application Control WDAC, allowing an attacker to bypass WDAC enforcement and execute arbitrary...

GHSA-49C6-3WR4-8JR4 Malicious Package in malicious-npm-package

All versions of malicious-npm-package contain malicious code. The malware targets Windows systems. It runs a powershell command that downloads an executable file from a remote server and runs it. Recommendation Any computer that has this package installed or running should be considered fully...

PowerSploit

This is a PowerShell module repository called PowerSploit, which is a collection of tools for penetration testing and red teaming. The repository contains several modules, including AntivirusBypass and CodeExecution. The AntivirusBypass module is designed to help evade antivirus detection, and it...

DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife

Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs? Let's assume that we have a valid credentials, or an active session with access to a remote machine, but we are without an option for executing a process remotely in a...

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe the affected network’s...

ezEmu - Simple Execution Of Commands For Defensive Tuning/Research

ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...

powerSploit

This is an offensive tool for Windows. It is a PowerShell module called PowerSploit, which is a framework for penetration testing and red teaming. The module includes various tools for tasks such as antivirus bypass, code execution, and DLL injection. The primary vulnerability targeted by this to...

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still arent likely to be a part of the risk model at most companies, no...

PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage

Many usefull offensive CSharp Projects wraped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...

Phirautee - A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanentl...

SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two mainscanning modules: 1. AzureStealth - Scans Azure environments 2. AWStealth - Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal - Discover The Most Privileged Cloud...

Description of the security update for SharePoint Server 2019: August 11, 2020

Description of the security update for SharePoint Server 2019: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

Xeca - PowerShell Payload Generator

xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. Install Firstly ensure that rust is installed, then build the project with the following command: cargo build How It Works 1. Identify and...

Building a lab with Server 2019 Server Core and PowerShell …then attacking it!

A lot of people want to get into red teaming but dont know how. Our Andy Gill / @ZephrFish has written about that. One of the most important skills a red teamer needs to have is a plan to fail mentality. By planning to fail you can plan for all eventualities. This is a very common military tactic...

SharePoint DataSet / DataTable Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint DataSet / DataTable Deserialization', 'Description' = %q A remotely exploitable vulnerability exists within SharePoint that can be...

Carbon Black EDR’s All-New Live Query Capability and Enhanced Fileless Visibility

VMware Carbon Black is excited to announce that VMware Carbon Black EDR formerly CB Response, recently named by Gartner as a 2020 Customers’ Choice for Endpoint Detection and Response solutions, now features enhanced insight into fileless activity via Microsoft’s AMSI and a brand new Live Query...