Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. The infections leverage process injection to evade detection by endpoint security software. These...
PT-2022-2284 · Swhkd · Swhkd
Name of the Vulnerable Software and Affected Versions: SWHKD version 1.1.5 Description: The issue is related to the unsafe use of the /tmp/swhks.pid pathname, which can lead to data loss or a denial of service. An attacker could exploit this to impact data integrity or cause a service disruption...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus Group exploited a zero-day remote code execution vulnerability, CVE-2022-0609, in Google's Chrome web browser. The attack mainly targe...
CAPEv2 - Malware Configuration And Payload Extraction
CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction - hence its name is an acronym: 'Config And Payload Extraction'. Automated unpacking allows classification based on Yara signatures to complement network Suricata and...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec CVE-2021-403...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...
LittleCorporal - A C# Automated Maldoc Generator
LittleCorporal: A C# Automated Maldoc Generator. Usage: C:\LittleCorporal\bin\Release\LittleCorporal.exe C:\beacon.bin explorer.exe ...
Nimplant - A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, over time Nimplant will become much more sophisticated...
CVE-2020-18174
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...
Design/Logic Flaw
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...
CVE-2020-18174
The CVE-2020-18174 entry concerns AutoHotkey 1.1.32.00, where a process-injection issue in setup.exe enables privilege escalation. The description indicates the vulnerable component is setup.exe and the impact is escalation of privileges, with no explicit remediation details provided in the suppl...
Sharperner - Simple Executable Generator With Encrypted Shellcode
Sharperner is a tool written in CSharp that generates a .NET dropper with AES- and XOR-obfuscated shellcode. The generated executable can possibly bypass signature checks, but I can't be sure it can bypass heuristic scanning. Features: PE binary, Process Hollowing, PPID Spoofing, randomly generated AES key and IV...
Link - A Command And Control Framework Written In Rust
link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list...
ATT&CK Table for Sophisticated Spearphishing Campaign CSA
Summary See Technical Details section Technical Details Table 1 provides a summary of the MITRE ATT&CK techniques observed. Table 1: MITRE ATT&CK techniques observed Technique Title | Technique ID ---|--- Process Injection: Dynamic-link Library Injection | T1055.001 Ingress Tool Transfer | T1105...
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)
Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell (655 Bytes). Shellcode Author: Bobby Cooke (boku). Tested on: Windows 10 v2004 x64. Compiled from: Kali Linux x86_64. Shellcode Description: 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse...
A deep dive into Saint Bot, a new downloader
This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...
K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads
Pronounced "kay fifty-five". The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C Linux functions like ptrace. The shellcode spawned in the target process is 27...
Code injection
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot...