
3059 matches found

Veeam
added 2019/08/26 12:0 a.m., 114 views

How To Stop All Veeam Backup & Replication Activities

Purpose This article documents the procedure for halting all Veeam Backup & Replication activities. Solution Stopping Veeam Activity on Veeam Backup Server 1. Open the Veeam Backup & Replication Console. 2. Disable all Jobs. Note which jobs were already disabled so you know which ones may not nee...

7.3 AI score
Exploits 0, Affected Software 1
Kitploit
added 2019/08/23 1:0 p.m., 98 views

AutoRDPwn v5.0 - The Shadow Attack Framework

AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it...

7.7 AI score
Exploits 0, References 11
Kitploit
added 2019/08/22 9:57 p.m., 91 views

PoshC2 - C2 Server and Implants

PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent System.Management.Automation.dll to aid penetration testers with red teaming, post-exploitation and lateral movement. Powershell was chosen as the base implant language as it provides all of the functionality and rich...

7.1 AI score
Exploits 0, References 1
The Hacker News
added 2019/08/21 7:3 a.m., 92 views

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016...

0.9 AI score
Exploits 0
The Hacker News
added 2019/08/21 7:3 a.m., 1 views

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 201...

7 AI score
Exploits 0
0day.today
added 2019/08/14 12:0 a.m., 28 views

Windows PowerShell - Unsanitized Filename Command Execution Exploit

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

0.1 AI score
Exploits 0
Exploit DB
added 2019/08/14 12:0 a.m., 362 views

Microsoft Windows PowerShell - Unsanitized Filename Command Execution

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

7.4 AI score
Exploits 0
exploitpack
added 2019/08/14 12:0 a.m., 32 views

Windows PowerShell - Unsanitized Filename Command Execution

Windows PowerShell - Unsanitized Filename Command Execution ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor...

Exploits 0
Packet Storm
added 2019/08/13 12:0 a.m., 206 views

Steam Windows Client Local Privilege Escalation

$SteamRegKey = "HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\NSIS" $MSIRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\msiserver" $RegDir = "C:\Windows\Temp\RegLN.exe" $PayDir = "C:\Windows\Temp\payload.exe" $Payload = "c:\windows\system32\cmd.exe /c c:\windows\temp\payload.exe 127.0.0.1 4444 -e...

1.1 AI score
Exploits 0
Veeam
added 2019/08/13 12:0 a.m., 19 views

How to Use Multiple Backup Repositories Pointing to a Single Catalyst Store

Challenge To minimize backup job duration and reduce disk space used for backups, you can configure multiple Veeam Backup & Replication repositories on a single HPE StoreOnce Catalyst Store. However, due to the lack of folders concept on StoreOnce, such configuration may result in Veeam B&R...

7.2 AI score
Exploits 0, Affected Software 1
Information Security Automation
added 2019/08/12 10:58 a.m., 135 views

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units (OUs) and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...

6.9 AI score
Exploits 0
Kitploit
added 2019/08/08 9:15 p.m., 171 views

Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 G...

8.2 AI score
Exploits 0, References 2
0day.today
added 2019/08/06 12:0 a.m., 31 views

Microsoft Windows PowerShell Command Execution Exploit

Microsoft Windows PowerShell Command Execution Exploit + Credits: John Page aka hyp3rlinx Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell is a Windows command-line shell designed especially for system administrators. PowerShell includes an interactive prompt and a scripting...

7.1 AI score
Exploits 0
pentestit
added 2019/08/05 6:43 a.m., 2385 views

List of Open Source C2 Post-Exploitation Frameworks

This post has been lying in my drafts for more than a year with edits all over. But two days ago, it was announced that Powershell Empire would no longer be supported by its authors. Hence just like I curated a list of adversary emulation tools, I finalized this list of open...

8.3 AI score
Exploits 0
CNVD
added 2019/08/05 12:0 a.m., 1 views

Microsoft Windows PowerShell Command Execution Vulnerability

Windows PowerShell is a Windows command-line shell designed for system administrators. A command execution vulnerability exists in Microsoft Windows PowerShell, which can be exploited by an attacker to execute arbitrary commands...

7.6 AI score
Exploits 0, References 1
Exploit DB
added 2019/08/05 12:0 a.m., 319 views

Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tika Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on...

9.3 CVSS, 8.3 AI score, 0.93876 EPSS
Exploits 10
Packet Storm
added 2019/08/02 12:0 a.m., 142 views

Microsoft Windows PowerShell Command Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell is a...

0.2 AI score
Exploits 0
ThreatPost
added 2019/08/01 3:13 p.m., 51 views

Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth

A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits (EKs), according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...

0.4 AI score
Exploits 0, References 9
Kitploit
added 2019/07/24 9:39 p.m., 2278 views

Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting

The ultimate WinRM shell for hacking/pentesting. By: CyberVaca@HackPlayers...

7.5 AI score
Exploits 0, References 8
Carbon Black Blog
added 2019/07/23 1:47 p.m., 2003 views

CB TAU Technical Analysis: DLTMiner Campaign Targeting Corporations in Asia

A CB customer recently provided a series of commands that they had observed for analysis. The customer felt that the associated attacker activity may have been attempting to tamper with the Carbon Black product. It turned out they were not, but the attackers were specifically looking for the...

9.3 CVSS, 1.2 AI score, 0.94022 EPSS
Exploits 46