
3059 matches found

ThreatPost
added 2019/12/13 7:7 p.m., 116 views

Elegant sLoad Carries Out Spying, Payload Delivery in BITS

A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...

7 AI score
Exploits: 0, References: 10
The Hacker News
added 2019/12/11 4:2 p.m., 3 views

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

6 AI score
Exploits: 0
OpenVAS
added 2019/12/09 12:0 a.m., 6 views

SYS.2.2.2.A16

The goal of module SYS.2.2.2 is to protect information that is processed by and on Windows 8.1 clients. The core requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

7.3 AI score
Exploits: 0, References: 1
The Hacker News
added 2019/12/05 8:52 a.m., 2 views

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one...

5.8 AI score
Exploits: 0
Kitploit
added 2019/11/29 9:3 p.m., 145 views

Attack Monitor - Endpoint Detection And Malware Analysis Software

Attack Monitor is a Python application written to enhance the security monitoring capabilities of Windows 7/2008 and all later versions of workstations/servers and to automate dynamic analysis of malware. Current modes (mutually exclusive): Endpoint detection (ED); Malware analysis on dedicated Virtual Machine...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2019/11/28 8:33 p.m., 157 views

Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats it so that it can be imported into Neo4j. Neo4j can be queried to find connections to certain hosts, from certain hosts, find out the usage or protocols and...

6.9 AI score
Exploits: 0, References: 1
Kitploit
added 2019/11/27 11:30 a.m., 133 views

Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce; New GTK3 theme (for Gnome and Xfce); Introduction of “Kali Undercover” mode; Kali Documentation has a new home and is now G...

7.3 AI score
Exploits: 0
The Hacker News
added 2019/11/27 6:30 a.m., 137 views

Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers

You can relate this: While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you're a hacker, you must have more reasons to be paranoid. Let's go undercover: If you're in love with the Kali Linux operating...

7.3 AI score
Exploits: 0
0day.today
added 2019/11/26 12:0 a.m., 263 views

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Vulnerability

Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability Class: Local...

7.8 CVSS, 0.8 AI score, 0.00491 EPSS
Exploits: 4
exploitpack
added 2019/11/25 12:0 a.m., 48 views

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows:...

6.1 CVSS, 0.6 AI score, 0.00491 EPSS
Exploits: 4
Packet Storm
added 2019/11/25 12:0 a.m., 339 views

Microsoft Windows AppXsvc Deployment Extension Privilege Escalation

Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability...

6.1 CVSS, 0.6 AI score, 0.00491 EPSS
Exploits: 4
Exploit DB
added 2019/11/20 12:0 a.m., 497 views

FreeSWITCH - Event Socket Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...

7.4 AI score
Exploits: 0
Kitploit
added 2019/11/19 8:44 p.m., 473 views

WinPwn - Automation For Internal Windows Penetrationtest / AD-Security

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal...

8 AI score
Exploits: 0, References: 19
Veracode
added 2019/11/18 1:11 a.m., 11 views

Malicious Package

malicious-npm-package is a malicious package. The package targets Windows systems and runs a PowerShell command to download and execute a malicious script that is stored on a remote server...

5.4 AI score
Exploits: 0
OpenVAS
added 2019/11/18 12:0 a.m., 12 views

SYS.2.2.3.A22

The goal of module SYS.2.2.3 is to protect information that is processed by and on Windows 10 clients. The standard requirement SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective rig...

7.3 AI score
Exploits: 0, References: 1
Node.js
added 2019/11/15 6:28 p.m., 9 views

Malicious Package

Overview: All versions of malicious-npm-package contain malicious code. The malware targets Windows systems. It runs a PowerShell command that downloads an executable file from a remote server and runs it. Recommendation: Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2019/11/15 12:0 a.m., 35 views

Security Updates for Exchange (November 2019)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who...

9.8 CVSS, 9.3 AI score, 0.09619 EPSS
Exploits: 0, References: 2
0day.today
added 2019/11/15 12:0 a.m., 222 views

FreeSWITCH Event Socket Command Execution Exploit

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...

Exploits: 0
ThreatPost
added 2019/11/14 10:12 p.m., 104 views

Double Vision: Stealthy Malware Dropper Delivers Dual RATs

A newly discovered initial-stage malware dropper has been discovered sneaking by antivirus products, with the ultimate goal of delivering a double-pronged whammy of RevengeRAT and WSH RAT payloads onto targeted Windows machines. A FortiGuard Labs team recently captured a sample file that had been...

Exploits: 0, References: 7
Microsoft Secure
added 2019/11/14 5:0 p.m., 57 views

Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1

This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team (DART) use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utiliz...

6.6 AI score
Exploits: 0