109 matches found
Beijing Huorong Internet Security Injection Vulnerability
ESET Internet Security is a suite of antivirus software for Internet security from ESET Slovakia. An injection vulnerability exists in Beijing Huorong Internet Security 5.0.55.2, which allows a non-administrative user to escalate privileges by injecting code into a process and then waiting for th...
Windows Inject Reflective PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse TCP Stager with UUID Support
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...
Sphinx Malware Returns to Riddle U.S. Targets, with Modifications
The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...
DLL hijacking vulnerability in Dolphin Online Game Accelerator of Xiamen Xiangyou Network Technology Co.
Dolphin Online Game Accelerator is an online game acceleration software. Dolphin Online Game Accelerator has a DLL hijacking vulnerability, which can be exploited by attackers to inject executable DLL files into client processes to perform arbitrary functions...
DLL Hijacking Vulnerability in Qi Fan Game Platform of Shanghai Qi Fan Digital Technology Co.
Qifan Game Platform is a gaming platform developed by Shanghai Qifan Digital Technology Co. Ltd. A DLL hijacking vulnerability exists in the Qi Fan Game Platform, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...
Sichuan Xunyou Network Technology Co., Ltd. Xunyou Online Game Accelerator DLL Hijacking Vulnerability
XunYou Online Game Accelerator is a specialized acceleration software for online games. Sichuan Xunyou Network Technology Co., Ltd Xunyou online game gas pedal dll hijacking vulnerability, attackers can use the loophole in the client process to inject executable DLL file, the execution of arbitra...
Q&A: Insights from the Red Canary 2020 Threat Detection Report
In light of the latest update to the MITRE ATT&CK framework, Red Canary has developed a Threat Detection Report uncovering the top techniques attackers use to target your organization. To understand the significance of the report, we turned to two of VMware Carbon Black’s top threat experts, Greg...
CAPE - Malware Configuration And Payload Extraction
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...
CB TAU Threat Intelligence Notification: Qbot/Qakbot Attempts to Evade Detection By Overwriting Itself
Qbot, or Qakbot, is a banking trojan that has been seen in the wild for at least 10 years. Recent campaigns have been often delivered by exploit kits and weaponized documents delivered via context-aware phishing campaigns. Qbot has also been suspected of delivering MegaCortex ransomware. Many...
Unprotect Project: Classify Malwares Based on Known Evasion Techniques
PenTestIT RSS Feed One of the first steps in learning about a malware is to see if it is evasive in any sense and then proceed accordingly. The Unprotect Project helps you do this easily. It is an open source project in Python that proposes a malware classification techniques based on their evasi...
CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code
On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...
Shed - .NET Runtime Inspector
Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject ...
Intel Media Server Studio - Improper Directory Permissions
Document Title: =============== Intel Media Server Studio - Improper Directory Permissions References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2170 Security ID:: INTEL-SA-00197 https://nvd.nist.gov/vuln/detail/CVE-2018-3697...
Design/Logic Flaw
DISPUTED Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...
CVE-2018-17538
Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...
CVE-2018-17538
Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...
CVE-2018-17538
Axon Evidence Sync 3.15.89 is described as vulnerable to process injection. The PT-2018-14047 entry notes the vendor disputes the vulnerability’s existence and that no fix/version is publicly documented in the provided sources. No remediation details are available in the connected documents; expl...
CVE-2018-17538
Axon formerly TASER International Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...