
3059 matches found

Kitploit
added 2020/03/04 8:30 p.m. · 74 views

PrivescCheck - Privilege Escalation Enumeration Script For Windows

This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I...

AI score: 7.4 · Exploits: 0 · References: 2

Metasploit
added 2020/03/04 4:2 a.m. · 41 views

Install Python for Windows

This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...

AI score: 0.2 · Exploits: 0

Carbon Black Blog
added 2020/03/03 4:29 p.m. · 54 views

VMware Carbon Black Threat Analysis: FTCODE Ransomware

FTCODE is a fully PowerShell-based ransomware. It is distributed via malicious document files that contain macros or using VBScript to download and launch the malicious PowerShell script. FTCODE ransomware will scan a specific list of file extensions and encrypt them with Rijndael algorithm. Othe...

AI score: 7 · Exploits: 0

ThreatPost
added 2020/03/02 9:59 p.m. · 383 views

NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs

The legitimate remote access tool RAT called NetSupport Manager, used for troubleshooting and tech support, is being converted into a malicious weapon by cybercriminals. Researchers at Palo Alto Networks’ Unit 42 division have spotted a spam campaign attempting to deliver a malicious Microsoft Wo...

AI score: 0.6 · EPSS: 0.26452 · Exploits: 0 · References: 4

Kitploit
added 2020/03/02 12:0 p.m. · 173 views

BadBlood - Fills A Microsoft Active Directory Domain With A Structure And Thousands Of Objects

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding...

AI score: 7.5 · Exploits: 0 · References: 1

Kitploit
added 2020/03/01 9:0 p.m. · 128 views

Xencrypt - A PowerShell Script Anti-Virus Evasion Tool

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based...

AI score: 7.3 · Exploits: 0 · References: 1

Gitee
added 2020/02/25 7:20 p.m. · 4 views

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a PowerShell post-exploitation framework called PowerSploit, which includes various modules for code execution, DLL injection, and antivirus bypass. The framework is designed to be used by penetration testers and red teamers to...

AI score: 7.9 · Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 7 views

CSI: Evidence Indicators for Targeted Ransomware Attacks - Part II | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

AI score: 8 · Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 7 views

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

AI score: 8 · Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 11 views

Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

Exploits: 0

Trellix
added 2020/02/20 12:0 a.m. · 17 views

CSI: Evidence Indicators for Targeted Ransomware Attacks - Part II | McAfee Blogs

CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...

Exploits: 0

Citrix
added 2020/02/17 12:0 a.m. · 5 views

Citrix Director displays multiple Hypervisor health alerts

Background Citrix Director displays alerts on the dashboard and other high level views to monitor infrastructure. Alerts from various hypervisors including XenServer and vSphere, help monitor the hypervisor parameters and states. Starting with CVAD 2411, Citrix Director introduces bulk dismissal ...

AI score: 7 · Exploits: 0

Gitee
added 2020/02/14 11:51 p.m. · 2 views

PowerTools

This repository is an offensive tool for PowerShell exploitation. It contains a collection of scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then...

AI score: 7.2 · Exploits: 0

Trellix
added 2020/02/12 12:0 a.m. · 7 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Lockard’s...

AI score: 7.7 · Exploits: 0

Trellix
added 2020/02/12 12:0 a.m. · 11 views

CSI Evidence Indicators for Targeted Ransomware Attacks

ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · February 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Lockard’s...

AI score: 0.4 · Exploits: 0

Veeam
added 2020/02/11 12:0 a.m. · 13 views

Job fails to create VSS snapshot for SMB share

Challenge A File Backup/file to tape job skips VSS snapshot creation on SMB share and ends with the following message in the log: Failed to create a VSS snapshot, failing over to direct backup from the file share A File Backup job for an SMB3 File Share configured to use Backup from a Microsoft V...

AI score: 6.7 · Exploits: 0 · Affected Software: 1

Gitee
added 2020/02/08 5:19 p.m. · 3 views

PowerSploit

This is an offensive tool for Windows PowerShell. It is a collection of PowerShell modules for various purposes, including code execution, DLL injection, and antivirus bypass. The tool is part of the PowerSploit framework, which is a collection of PowerShell modules for penetration testing and re...

AI score: 8.3 · Exploits: 0

ThreatPost
added 2020/02/05 6:50 p.m. · 370 views

New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT...

AI score: 2.2 · EPSS: 0.03057 · Exploits: 1 · References: 5

ThreatPost
added 2020/02/03 8:58 p.m. · 873 views

AZORult Campaign Adopts Novel Triple-Encryption Technique

A recent wave of AZORult-laced spam caught the attention of researchers who warn that malicious attachments associated with the campaign are using a novel obfuscation technique, in an attempt to slip past spam gateways and avoid client-side antivirus detection. What makes this campaign unique is...

CVSS: 9.3 · AI score: 8.1 · EPSS: 0.94302 · Exploits: 29 · References: 8

Talos Blog
added 2020/01/31 1:9 p.m. · 23 views

Beers with Talos Ep. #71: I Have the Power(Shell)

Beers with Talos BWT Podcast episode No. 71 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 17, 2020 PowerShell is a frequent flyer in security headlines — a powerful and oft-wielded tool for attacke...

AI score: 7.2 · Exploits: 0