Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team members can reconstruct PNG files to see what an...
Win-PortFwd - Powershell Script To Setup Windows Port Forwarding Using Native Netsh Client
PowerShell script to set up Windows port forwarding using the native netsh client. Install: git clone https://github.com/deepzec/Win-PortFwd.git Usage: .\win-portfwd.ps1 or powershell.exe -noprofile -executionpolicy bypass -file .\win-portfwd.ps1 Note: This script requires admin privileges to run, this...
Unable to deploy custom receiver from StoreFront. Getting "An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again."
While trying to add a customized "receiver.exe" to the deploy receiver option in StoreFront, you might get the following error while saving it: "An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again". It works fine with...
Case Study: A Cryptomining Attack — With an Assist From Advanced Malware Techniques
In Carbon Black's Quarterly Incident Response Threat Report (QIRTR), some of the world’s leading incident response (IR) professionals reported seeing an uptick in lateral movement, counter incident response, and island-hopping attacks from motivated nation-states. In the case study below, Kroll notes...
How to enable the Firewall rules required by Veeam ONE on the Windows Server Core OS
Challenge: Veeam ONE cannot collect any data due to closed Firewall rules on the Windows Server Core OS side. Cause: Due to the Windows Server Core OS limitations, it is impossible to enable the necessary Firewall rules required by Veeam ONE using Windows Firewall UI. Solution: Enable the rules CMD...
sRDI - Shellcode Implementation Of Reflective DLL Injection
sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components: a C project which compiles a PE loader implementation (RDI) to shellcode, and conversion code which attaches the DLL, RDI, and user data together with a bootstrap. This project i...
A mining multitool
Recently, an interesting miner implementation appeared on Kaspersky Lab's radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. This type of hidden consolidati...
Unidesk Appliance Backup Utility scheduled task must be run as the same user who ran the tool
When you make a scheduled appliance backup task with the utility, the task must specify the same Run As user as the one you're logged in with when you run the tool. Otherwise, your encrypted passwords for vCenter and the MA will be unavailable. You will see errors like this in the Appliance Backu...
System Center Virtual Machine Manager, version 1807
Applies to: System Center Virtual Machine Manager, version 1807. Introduction: This article describes the issues that are fixed in System Center Virtual Machine Manager, version 1807. There are three downloads available for Virtual Machine Manager:...
PoshC2
Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT
A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...
Microsoft Releases PowerShell Core for Linux as a Snap Package
Microsoft's love for Linux continues… Microsoft has released its command-line shell and scripting language PowerShell Core for Linux operating system as a Snap package, making it easier for Linux users to install Microsoft PowerShell on their system. Yes, you heard me right. Microsoft has made...
Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Linux
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Windows
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Mac OS X
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Carbon Black Report: China, Russia & North Korea Launching Sophisticated, Espionage-Focused Cyberattacks
Even as a steady drumbeat of headlines keeps the world’s attention focused on cybercrimes, such as ransomware and cryptojacking, in the dark corners of the internet, attackers are busy refining their craft. According to the world’s top incident response (IR) professionals, cyberattackers are honing...
PoshRat Command Control Attempt
PoshRat is an open source tool that uses evasion techniques for reverse interactive PowerShell. A remote attacker can send a malicious file that triggers the vulnerability...
Microsoft PowerShell Editor Services RCE Vulnerability
This host is missing a critical security update according to Microsoft advisory CVE-2018-8327. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ibombshell - Dynamic Remote Shell
ibombshell is a tool written in PowerShell that allows you to have a prompt at any time with post-exploitation functionalities and in some cases exploitation. It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can b...