Stompy - Timestomp Tool To Flatten MAC Times With A Specific Timestamp
A PowerShell function to perform timestomping on specified files and directories. The function can modify timestamps recursively for all files in a directory. Change timestamps for individual files or directories. Recursively apply timestamps to all files in a directory. Option to use specific...
Critical Photon OS Security Update - PHSA-2024-3.0-0717
Updates of 'powershell', 'gnutls', 'ansible' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2024-4.0-0556
Updates of 'linux-aws', 'gnutls', 'linux', 'linux-secure', 'linux-rt', 'powershell' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2024-5.0-0195
Updates of 'gnutls', 'ntpsec', 'linux-esx', 'linux', 'linux-secure', 'linux-rt', 'powershell' packages of Photon OS have been released...
New Microsoft Incident Response guides help security teams analyze suspicious activity
Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for and uses daily to provide our customers with...
pyGPOAbuse - Partial Python Implementation Of SharpGPOAbuse
Python partial implementation of SharpGPOAbuse by @pkb1s. This tool can be used when a controlled account can modify an existing GPO that applies to one or more users & computers. It will create an immediate scheduled task as SYSTEM on the remote computer for a computer GPO, or as the logged-in user for...
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...
Improper Access Control
Overview: PowerShell is a package containing the PowerShell global tool. Affected versions of this package are vulnerable to Improper Access Control when using X.509 chain-building APIs that do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary...
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. "The analyzed threat campaign appears to end in one of two ways, either the selling of 'access'...
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted." The intrusions have been...
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its...
Veeam PowerShell Command Fails With: "Unable to connect to the server with MFA-enabled user account."
Challenge: When attempting to execute Veeam PowerShell commands, the following error occurs: "Unable to connect to the server with MFA-enabled user account." Cause: This error occurs when MFA (Multi-Factor Authentication) is enabled within Veeam Backup & Replication and the account you are logged in as...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...
Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing ...
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...
Moderate Photon OS Security Update - PHSA-2023-5.0-0180
Updates of 'powershell' packages of Photon OS have been released...
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine,"...
Imperva Detects Undocumented 8220 Gang Activities
Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...
Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Windows
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Linux
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...