
109 matches found

Talos Blog
added 2022/04/05 10:14 a.m., 13 views

Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter

By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. The infections leverage process injection to evade detection by endpoint security software. These...

AI score: 2.6
Exploits: 0
Positive Technologies
added 2022/03/29 12:00 a.m., 2 views

PT-2022-2284 · Swhkd · Swhkd

Name of the Vulnerable Software and Affected Versions: SWHKD version 1.1.5. Description: The issue is related to the unsafe use of the /tmp/swhks.pid pathname, which can lead to data loss or a denial of service. An attacker could exploit this to impact data integrity or cause a service disruption...

CVSS: 9.4, AI score: 6.8, EPSS: 0.00493
Exploits: 1, References: 13
hivepro
added 2022/03/25 2:16 p.m., 223 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chrome's web browser. The attack mainly targe...

AI score: 9.1, EPSS: 0.23546
Exploits: 0
Kitploit
added 2022/03/02 11:30 a.m., 89 views

CAPEv2 - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction - hence its name is an acronym: 'Config And Payload Extraction'. Automated unpacking allows classification based on Yara signatures to complement network Suricata and...

AI score: 8
Exploits: 0, References: 8
GithubExploit
added 2022/01/30 3:08 a.m., 238 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec CVE-2021-403...

CVSS: 7.8, AI score: 7.6, EPSS: 0.94921
Exploits: 151
hivepro
added 2022/01/26 5:39 a.m., 14 views

MoonBounce: New malware deployed by APT41 in UEFI firmware

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...

AI score: 0.5
Exploits: 0
Kitploit
added 2021/09/28 8:30 p.m., 36 views

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C# Automated Maldoc Generator. Usage: C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe ...

AI score: 7.6
Exploits: 0, References: 4
Kitploit
added 2021/08/13 9:30 p.m., 67 views

Nimplant - A Cross-Platform Implant Written In Nim

Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, over time Nimplant will become much more sophisticated...

AI score: 7.8
Exploits: 0, References: 3
OSV
added 2021/07/26 8:15 p.m., 2 views

CVE-2020-18174

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01292
Exploits: 1, References: 1
NVD
added 2021/07/26 8:15 p.m., 16 views

CVE-2020-18174

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...

CVSS: 9.8, EPSS: 0.01292
Exploits: 1, References: 1
Prion
added 2021/07/26 8:15 p.m., 13 views

Design/Logic Flaw

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...

CVSS: 7.5, AI score: 9.5, EPSS: 0.01292
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/07/26 6:26 p.m., 21 views

CVE-2020-18174

A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges...

AI score: 9.7, EPSS: 0.01292
Exploits: 1, References: 1
CVE
added 2021/07/26 6:26 p.m., 64 views

CVE-2020-18174

The CVE-2020-18174 entry concerns AutoHotkey 1.1.32.00, where a process-injection issue in setup.exe enables privilege escalation. The description indicates the vulnerable component is setup.exe and the impact is escalation of privileges, with no explicit remediation details provided in the suppl...

CVSS: 9.8, AI score: 9.5, EPSS: 0.01292
Exploits: 1, References: 1, Affected Software: 1
Kitploit
added 2021/07/06 9:30 p.m., 360 views

Sharperner - Simple Executable Generator With Encrypted Shellcode

Sharperner is a tool written in CSharp that generates a .NET dropper with AES and XOR obfuscated shellcode. The generated executable can possibly bypass signature checks, but I can't be sure it can bypass heuristic scanning. Features: PE binary, Process Hollowing, PPID Spoofing, Randomly generated AES key and iv...

AI score: 7.8
Exploits: 0, References: 1
Kitploit
added 2021/06/08 12:30 p.m., 37 views

Link - A Command And Control Framework Written In Rust

link is a command and control framework written in Rust. Currently in beta. Introduction: link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features: Hopefully this list...

AI score: 7.2
Exploits: 0, References: 10
ICS
added 2021/05/28 12:00 p.m., 22 views

ATT&CK Table for Sophisticated Spearphishing Campaign CSA

Summary: See Technical Details section. Technical Details: Table 1 provides a summary of the MITRE ATT&CK techniques observed.

Table 1: MITRE ATT&CK techniques observed

Technique Title | Technique ID
---|---
Process Injection: Dynamic-link Library Injection | T1055.001
Ingress Tool Transfer | T1105...

AI score: 2.5
Exploits: 0, References: 21
0day.today
added 2021/05/03 12:00 a.m., 46 views

Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)

Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell (655 Bytes)
Shellcode Author: Bobby Cooke (boku)
Tested on: Windows 10 v2004 x64
Compiled from: Kali Linux x86_64
Shellcode Description: 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse...

AI score: 0.1
Exploits: 0
Malwarebytes
added 2021/04/06 9:37 p.m., 18 views

A deep dive into Saint Bot, a new downloader

This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg. In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...

AI score: 8.4
Exploits: 0
Kitploit
added 2021/01/14 11:30 a.m., 60 views

K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads

Pronounced "kay fifty-five". The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C Linux functions like ptrace. The shellcode spawned in the target process is 27...

AI score: 7.7
Exploits: 0, References: 1
Prion
added 2020/12/26 7:15 p.m., 15 views

Code injection

Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot...

CVSS: 7.5, AI score: 9.5, EPSS: 0.01875
Exploits: 1, References: 2, Affected Software: 1