3059 matches found

The Hacker News
added 2023/02/23 11:47 a.m., 3 views

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/02/23 11:47 a.m., 43 views

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

0.5 AI score
Exploits: 0
Circl
added 2023/02/22 3:33 a.m., 6 views

CVE-2023-21529

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-22 03:33:02+00:00 | seen | https://t.me/realvulnerabilities/6 |
| 2024-03-08 16:03:05+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/6762 |
| 2024-03-08 20:16:21+00:00 | seen | https://t.me/ctinow/203557 |
| 2024-09-05 15:39:37+00:00 | seen | ... |

8.8 CVSS, 8.9 AI score, 0.2755 EPSS
Exploits: 0, References: 15
GithubExploit
added 2023/02/21 2:59 a.m., 229 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...

8.5 CVSS, 8.5 AI score, 0.90987 EPSS
Exploits: 11
Citrix
added 2023/02/21 12:0 a.m., 12 views

Cannot join Server Group - Error occurred running the command: Start-DSClusterJoinService

When trying to add Storefront server to existing group, getting error: When checking event viewer logs on Storefront server, we see: An error occurred running the command: 'Start-DSClusterJoinService' Exception of type...

7.3 AI score
Exploits: 0
The Hacker News
added 2023/02/15 9:25 a.m., 47 views

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

1.4 AI score
Exploits: 0
The Hacker News
added 2023/02/15 9:25 a.m., 3 views

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM anti-sandbox...

6.9 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 4:29 a.m., 2 views

SUSE CVE-2018-8292

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

7.5 CVSS, 7 AI score, 0.08142 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 3:28 a.m., 2 views

SUSE CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have led to command injection if pasted into a PowerShell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected. This vulnerability...

8.8 CVSS, 8.8 AI score, 0.00557 EPSS
Exploits: 0, References: 11
SUSE CVE
added 2023/02/15 3:27 a.m., 1 view

SUSE CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operation...

7.3 CVSS, 9.4 AI score, 0.00168 EPSS
Exploits: 0, References: 37
SUSE CVE
added 2023/02/15 3:23 a.m., 3 views

SUSE CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8 CVSS, 9.4 AI score, 0.01381 EPSS
Exploits: 1, References: 3
Veeam
added 2023/02/15 12:0 a.m., 39 views

Veeam PowerShell cmdlets to help Automate Backup Copy Backup Format Upgrade

This article provides information about using Veeam PowerShell to automate the procedure of upgrading Legacy Periodic Backup Copy jobs to use the new True Per-Machine backup format. These PowerShell commands can be used to simplify the Backup Chain Format upgrade process...

2.4 AI score
Exploits: 0, Affected Software: 1
Kitploit
added 2023/02/14 11:30 a.m., 27 views

Invoke-Transfer - PowerShell Clipboard Data Transfer

Invoke-Transfer is a PowerShell Clipboard Data Transfer. This tool helps you to send files in highly restricted environments such as Citrix, RDP, VNC, Guacamole, etc., using the clipboard function. As long as you can send text through the clipboard, you can send files in text format, i...

7.1 AI score
Exploits: 0, References: 1
Kitploit
added 2023/02/11 11:30 a.m., 161 views

Powershell-Backdoor-Generator - Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads

Reverse backdoor written in Powershell and obfuscated with Python. Allowing the backdoor to have a new signature after every run. Also can generate auto run scripts for Flipper Zero and USB Rubber Ducky. usage: listen.py -h --ip-address IPADDRESS --port PORT --random --out OUT --verbose --delay...

7.5 AI score
Exploits: 0, References: 1
Packet Storm
added 2023/02/09 12:0 a.m., 694 views

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Endpoint Central Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8 CVSS, 0.3 AI score, 0.94378 EPSS
Exploits: 15
The Hacker News
added 2023/02/07 12:58 p.m., 48 views

Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework

Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote...

0.6 AI score
Exploits: 0
The Hacker News
added 2023/02/07 12:58 p.m., 3 views

Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework

Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities. The findings come from AhnLab Security Emergency response Center (ASEC), which discovered that security vulnerabilities in Sunlogin, a...

8.1 AI score
Exploits: 0
The Hacker News
added 2023/02/03 3:3 p.m., 44 views

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

0.2 AI score
Exploits: 0
The Hacker News
added 2023/02/03 3:3 p.m., 4 views

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

6.7 AI score
Exploits: 0
Metasploit
added 2023/02/02 7:51 p.m., 1350 views

Veeam Backup and Replication Credentials Dump

This module exports and decrypts credentials from Veeam Backup & Replication and Veeam ONE Monitor Server to a CSV file; it is intended as a post-exploitation module for Windows hosts with either of these products installed. The module supports automatic detection of VBR / Veeam ONE and is capabl...

6.9 AI score
Exploits: 0