3059 matches found
PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could...
Unable-to-refresh-Storefront-Console
Event Viewer error: "An error occured during refresh. An error occured running the command: 'Get-DSWebReceiversSummary' Citrix.DeliveryServices.PowerShell.Command.Runner.Exceptions.PowerShellExecutionException: An error occured running the command: 'Get-DSWebReceiversSummary' ---...
Microsoft Azure Cloud Security Auditing: Azurite
Microsoft Azure Cloud Security Auditing Auditing Cloud services has become an essential task and significant effort is required to assess the security of the available resources. Azurite was developed to assist penetration testers and auditors during the enumeration and reconnaissance activities...
How to Configure a Store Using PowerShell
This article lists and explains the commands to create and configure a store using PowerShell...
HatDBG - Minimal WIN32 Debugger in Powershell
The HatDBG is A pure Powershell win32 debugging abstraction class. The goal of this project is to make a powershell debugger. It is intended to be used during internal penetration tests and red team engagements. This is exclusively for educational purposes. The debugger objects implementing a...
Microsoft Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Windows Escalate UAC Protection Bypass with Fileless', 'Description' = %q This module will bypass Windows UAC by utilizing...
WMI vs. WMI: Monitoring for Malicious Activity
Hello my name is: WMI WMI has been a core component of Windows since Windows 98, but it is not exactly old wine in a new bottle. WMI more closely resembles that bottle of ‘61 Bordeaux wine that continues to impress us as it ages and matures. WMI was developed as Microsoft’s interpretation of...
Microsoft Open Sources PowerShell; Now Available for Linux and Mac OS X
'Microsoft loves Linux' and this has never been so true than now. Microsoft today made its PowerShell scripting language and command-line shell available to the open source developer community on GitHub under the permissive MIT license. The company has also launched alpha versions of PowerShell f...
Latest Windows UAC Bypass Permits Code Execution
Less than a month after disclosing a Windows User Account Control bypass, researcher Matt Nelson today published another attack that circumvents the security feature and leaves no traces on the hard disk. This time, the bypass relies on Event Viewer eventvwr.exe, a native Windows feature used to...
SMB Delivery Module
require 'msf/core' require 'msf/core/exploit/powershell' class MetasploitModule "SMB Delivery", 'Description' = %q This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell. , 'License' = MSFLICENSE,...
SMB Delivery
This module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
PowerWare Ransomware Masquerades as Locky to Intimidate Victims
A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics. According to researchers, a new versi...
Microsoft Windows PowerShell Execution Policy
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if !definedfunc"nasllevel" || nasllevel 5200 exit0, "Not Nessus 5.2+"; if description scriptid92367; scriptversion"1.6";...
Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection
Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...
Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection
Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...
Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection
Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
Design/Logic Flaw
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...