Microsoft Azure AD Connect Elevation of Privilege Vulnerability - Windows

Microsoft Azure AD Connect is prone to an elevation of privilege vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

CVE-2019-1000

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the...

Exploit for Use After Free in Microsoft

CVE-2019-0708-Vulnerability-Scanner Powershell script to run a...

Microsoft Azure Active Directory Connect Remote Elevation of Privilege Vulnerability (CNVD-2019-14680)

Microsoft Azure Active Directory Connect ADC is a service from Microsoft that provides identity and access management in the cloud. A remote elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect. It allows an attacker to execute two PowerShell Cmdlets in the...

Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities

Executive Summary On May 14, 2019, Intel published information about a new subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling. An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust...

Windows Defender Application Control Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could circumvent Windows PowerShell Constrained Language Mode on the machine. To exploit...

Microsoft Azure AD Connect Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions. To exploit this, an attacker would need to authenticate to the...

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...

PostgreSQL COPY FROM PROGRAM Command Execution Exploit

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pgexecuteserverprogram' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a ne...

PeekABoo - Tool To Enable Remote Desktop On The Targeted Machine

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. The tool only works if WinRM is enabled. Since Windows Server 2012 WinRM is enabled by default on all Windows server...

Windows PowerShell ISE - Remote Code Execution

Windows PowerShell ISE - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor...

Microsoft Windows PowerShell ISE - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Windows PowerShell ISE The...

Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution Exploit

Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing attacker supplied scripts pointed to by the filename and not the "trusted" PS file currentl...

Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Windows PowerShell ISE The...

Wipro Attackers Have Operated Under the Radar for Years

New details are emerging in the April attack on systems consulting behemoth Wipro, which saw its network hacked and used for mounting attacks on a dozen of its customers. In a fresh analysis of the indicators of compromise IOCs, Flashpoint analysts said that the cyberattackers have actually been...

Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution

Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...

MuddyWater APT Hones an Arsenal of Custom Tools

An array of customized attack tools are helping the MuddyWater advanced persistent threat APT group to successfully exfiltrate data from its governmental and telco targets in the Middle East; an analysis of this toolset reveals a moderately sophisticated threat actor at work – with the potential ...

Threat Roundup for April 19 to April 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 19 and April 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

CB TAU Threat Intelligence Notification: Emotet Utilizing WMI to Launch PowerShell Encoded Code

Carbon Black recently learned that a customer had received a malicious email, which was written in German and was attached with a password-protected zip file that contained a malicious document file. This phishing email belongs to the recent Emotet campaign. However, what makes this malware uniqu...

SilkETW - Flexible C# Wrapper For ETW (Event Tracing for Windows)

SilkETW is a flexible C wrapper for ETW, it is meant to abstract away the complexities of ETW and give people a simple interface to perform research and introspection. While SilkETW has obvious defensive and offensive applications it is primarily a research tool in it's current state. For easy...