SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm...
Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service
Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year...
Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines. "The...
Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities
Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver IrpDumper.sys that will install itself on the targeted system. Once running it will expose depending on the...
CVE-2021-34420
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer...
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The Mekotio Latin American banking trojan is bouncing back after several of the gang that operates it were arrested in Spain. More than 100 attacks in recent weeks have featured a new infection routine, indicating that the group continues to actively retool. “The new campaign started right after...
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...
Citrix gateway plugin executes PowerShell script obfuscated code which might be blocked by Antivirus software
We might see errors like the following in the antivirus software: Event type: Process action blocked Component: Adaptive Anomaly Control Rule name: PowerShell executes obfuscated code Source process: c:\windows\system32\windowspowershell\v1.0\powershell.exe Application : "C:\Program Files\Citrix\Secure Acce...
REvil ransomware attack against MSPs and its clients around the world
An attack perpetrated by REvil (aka Sodinokibi) ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through a popular MSP software which led to encryption of their customers. The total number of...
Citrix App Layering 4.x: PVS Connector (BootPrivate)
Introduction When publishing an image to PVS the PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase administrative productivity...
Profile Management Configuration Checking Tool - UPMConfigCheck
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Profile Management Configuration Check Tool UPMConfigCheck Created Date: February 27, 2012 Updated Date: August 23, 2023 Description...
Citrix App Layering 4.x: PVS Connector Script to Convert VHD to VHDX
Introduction When publishing an image to PVS the Citrix App Layering PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase...
Persistent CDF Tracing Enabler - For Citrix Windows Receiver
Persistent CDF Tracing Enabler - For Citrix Windows Receiver Created Date: July 2014 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the...
Fix Incorrect Service Endpoint in XA/XD sites
Note: This script applies to XA/XD 7.0 and above. Overview This PowerShell script attempts to fix any bad, missing, changed, or incorrect service endpoints in a site. Please note: You can download the required file from the Citrix downloads website by visiting the following...
TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
In April of 2020 VMware Carbon Black Threat Analysis Unit (TAU) researchers worked with an Incident Response (IR) partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...
Update Rollup 3 for System Center 2012 R2 Data Protection Manager
Update Rollup 3 for System Center 2012 R2 Data Protection Manager Introduction This article describes new features and issues that are fixed in Update Rollup 3 for Microsoft System Center 2012 R2 Data Protection Manager (DPM). Additionally, this article contains the installation instructions for...
Update Rollup 2 for System Center 2016 Operations Manager
Update Rollup 2 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2016 Operations Manager. It also contains the installation instructions for this update. Issues that are fixed in this update roll...
PowerShell-Suite
This repository is an offensive tool for Windows UAC (User Account Control) bypass. The tool, named "Bypass-UAC," provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. It rewrites PowerShell's PEB (Portable Executable Binary) to give it the...
CVE-2020-9326
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash...
RedRabbit - Red Team PowerShell Script
RedRabbit is a PowerShell script aimed at helping pentesters conduct ethical hacking RedTeam To Run: You can either run locally by downloading the script or run remotely using: powershell –nop –c “iexNew-Object...