
3059 matches found

Packet Storm
added 2019/06/28 12:0 a.m., 122 views

Windows Escalate UAC Protection Bypass Via SilentCleanup

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via SilentCleanup', 'Description' = %q There's a task in Windows Task Scheduler called "SilentCleanup"...

0.8 AI score
Exploits: 0
Malwarebytes
added 2019/06/26 6:30 p.m., 112 views

GreenFlash Sundown exploit kit expands via large malvertising campaign

Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection ...

0.4 AI score
Exploits: 0
ATTACKERKB
added 2019/06/21 12:0 a.m., 31 views

CVE-2019-10719

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. Recent assessments: Leafr...

9.8 CVSS, 1.1 AI score, 0.16965 EPSS
Exploits: 16, References: 4
Kitploit
added 2019/06/19 9:35 p.m., 343 views

DNSlivery - Easy Files And Payloads Delivery Over DNS

Easy files and payloads delivery over DNS. Acknowledgments This project has been originally inspired by PowerDNS and Joff Thyer's technical segment on the Paul's Security Weekly podcast 590 youtu.be/CP6cIwFJswQ. Description TL;DR DNSlivery allows delivering files to a target using DNS as the...

7.2 AI score
Exploits: 0, References: 3
Exploit DB
added 2019/06/17 12:0 a.m., 348 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Na...

7.4 AI score
Exploits: 0
0day.today
added 2019/06/17 12:0 a.m., 196 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit

Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...

0.5 AI score
Exploits: 0
exploitpack
added 2019/06/17 12:0 a.m., 25 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Microsoft Windows - UAC Protection Bypass Via Slui File Handler Hijack PowerShell Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command"...

0.8 AI score
Exploits: 0
Kitploit
added 2019/06/16 1:0 p.m., 242 views

Terminus - A Terminal For A More Modern Age

Terminus is a highly configurable terminal emulator for Windows, macOS and Linux Theming and color schemes Fully configurable shortcuts Split panes Remembers your tabs PowerShell and PS Core, WSL, Git-Bash, Cygwin, Cmder and CMD support Integrated SSH client and connection manager Full Unicode...

7.3 AI score
Exploits: 0, References: 13
GithubExploit
added 2019/06/10 6:14 p.m., 87 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Zohocorp Manageengine_Adselfservice_Plus

ADSelfService-Plus-PoC CVE-2019-12476 ADSelfService Plus versi...

7.2 CVSS, 6.9 AI score, 0.01164 EPSS
Exploits: 2
Pen Test Partners Blog
added 2019/06/07 12:0 p.m., 420 views

Bloodhound walkthrough. A Tool for Many Tradecrafts

A walkthrough on how to set up and use BloodHound BloodHound is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors whic...

7.6 AI score
Exploits: 0
Kitploit
added 2019/06/05 1:3 p.m., 238 views

ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server

Reverse Encrypted AES 256-bit Shell over TCP - using PowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...

7.4 AI score
Exploits: 0, References: 1
Talos Blog
added 2019/06/05 12:45 a.m., 535 views

It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign

This blog was authored by Danny Adamitis, David Maynor and Kendall McKay. Executive summary Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried...

9.3 CVSS, 8.8 AI score, 0.94354 EPSS
Exploits: 33
Exploit DB
added 2019/06/05 12:0 a.m., 831 views

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...

9.8 CVSS, 7.4 AI score, 0.03828 EPSS
Exploits: 3
Packet Storm
added 2019/06/04 12:0 a.m., 729 views

IBM Websphere Application Server Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...

7.5 CVSS, 0.3 AI score, 0.03828 EPSS
Exploits: 3
FireEye
added 2019/06/04 12:0 a.m., 27 views

Hunting COM Objects

COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson (enigma0x3), who published a blog post about it in 2017. Some of these COM objects were...

8.1 AI score
Exploits: 0, References: 4
The Hacker News
added 2019/05/29 6:50 p.m., 217 views

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has...

7.8 CVSS, 2 AI score, 0.78459 EPSS
Exploits: 22
Securelist
added 2019/05/23 10:0 a.m., 3219 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

7.2 CVSS, 7.8 AI score, 0.93462 EPSS
Exploits: 22
Kitploit
added 2019/05/22 9:35 p.m., 124 views

Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...

7.5 AI score
Exploits: 0, References: 2
Microsoft Secure
added 2019/05/21 4:0 p.m., 145 views

Step 9. Protect your OS: top 10 actions to secure your environment

In “Step 9. Protect your OS” of the Top 10 actions to secure your environment blog series, we provide resources to help you configure Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to defend your Windows, macOS, Linux, iOS, and Android devices from advanced threats. In an...

6.9 AI score
Exploits: 0
Talos Blog
added 2019/05/20 12:6 p.m., 93 views

Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques

This blog was authored by Danny Adamitis, David Maynor, and Kendall McKay Executive summary Cisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April...

7.3 AI score
Exploits: 0