KB4467702: Windows 10 Version 1803 and Windows Server Version 1803 November 2018 Security Update

The remote Windows host is missing security update 4467702. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. CVE-2018-8417 - An elevation of privilege vulnerability...

August 30, 2018—KB4343889 (OS Build 15063.1292)

August 30, 2018—KB4343889 OS Build 15063.1292 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes win32kfull.sys to stop working Stop 3B when cancelling journal...

KB4467696: Windows 10 Version 1703 November 2018 Security Update

The remote Windows host is missing security update 4467696. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. CVE-2018-8417 - A remote code execution vulnerability...

KB4467708: Windows 10 Version 1809 and Windows Server 2019 November 2018 Security Update

The remote Windows host is missing security update 4467708. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. CVE-2018-8417 - A remote code execution vulnerability...

AutoRDPwn v4.8 - The Shadow Attack Framework

AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply...

TAU Threat Intelligence Notification: DarkHydrus/RogueRobin

Recently, Palo Alto Unit 42 released an updated report regarding new DarkHydrus delivery documents, which includes the installation of an updated variant of the RogueRobin trojan. This document includes details on both DarkHydrus and RogueRobin, along with detection rules and search queries that...

Code injection

An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell...

CVE-2018-20146

An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell...

CVE-2018-20146

An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell...

CVE-2018-20146

CVE-2018-20146 affects Liquidware ProfileUnity (and Liquidware FlexApp) before 6.8.0. A local user can obtain administrator rights, demonstrated via PowerShell. Impact is local privilege escalation with full confidentiality/integrity/availability implications. Remediation: upgrade to ProfileUnity...

CVE-2018-20146

An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell...

Nuuo Central Management SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Authenticated SQL Server SQLi', 'Description' = %q The Nuuo Central Management Server allows an authenticated user to que...

Combing Through Brushaloader Amid Massive Detection Uptick

Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Matthew Molyett. Executive Summary Over the past several months, Cisco Talos has been monitoring various malware distribution campaigns leveraging the malware loader Brushaloader to deliver malware payloads to...

DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications

DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently...

Guidance to mitigate unconstrained delegation vulnerabilities

Executive Summary Active Directory Forest trusts provide a secure way for resources in a forest to trust identities from another forest. This trust is directional; a trusted forest can authenticate its users to the trusting forest without allowing the reverse. A feature, Enforcement for forest...

Microsoft Excel .SLK Payload Delivery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Microsoft Excel .SLK Payload Delivery", 'Description' = %Q This module generates a download and execute Powershell command to be placed in an .SL...

Solving the TLS 1.0 problem

The use of Transport Layer Security TLS encryption for data in transit is a common way to help ensure the confidentiality and integrity of data transmitted between devices, such as a web server and a computer. However, in recent years older versions of the protocol have been shown to have...

TAU Threat Intelligence Notification – Fake Movie File Attack Targeting Cryptocurrency

A malicious Windows shortcut file is posing as a movie available on a torrent site - its payload is used to conduct web-injection, ultimately targeting victim’s web searches in browsers like Chrome, Firefox and Internet Explorer. The payload has the ability to search for and steal cryptocurrency...

TAU Threat Intelligence Notification: Spear Phishing Targeting Italy

Summary This campaign is targeting users in Italy with spear phishing email containing malicious attachments. Figure 1: Emails with the malicious XLS attachment The image above show one of the sample has attached in multiple email that has been sent to email address with Italy ccTLD. The attached...

BMC Patrol Agent Privilege Escalation Cmd Execution

This module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verfies that the password of the provided user is correct. This also means if the software is...