Lucene search
K

60 matches found

ThreatPost
ThreatPost
added 2020/03/11 3:34 p.m.75 views

New TrickBot Variant Updates Anti-Analysis Tricks

Researchers uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components. TrickBot is a module-based malware that, while first identified as a banki...

0.8AI score
Exploits0References9
Carbon Black Blog
Carbon Black Blog
added 2019/01/28 3:57 p.m.326 views

TAU Threat Intelligence Notification: PPID Spoofing – Explorer CLSID

Summary Popular Attack Surface Reduction bypasses allow adversaries to hinder threat hunting activities by spoofing Parent Process ID. PPID to PID relationships have always been a key indicator of compromise and removing these conditions lead to false sense of security. Upon investigation its bee...

1.8AI score
Exploits0
Packet Storm
Packet Storm
added 2018/12/13 12:0 a.m.80 views

WebDAV Server Serving DLL

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Serve DLL via webdav server', 'Description' = %q This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2018/08/07 6:56 p.m.18 views

Serve DLL via webdav server

This module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotly and execute the provided export function. The export...

7.4AI score
Exploits0
myhack58
myhack58
added 2018/07/30 12:0 a.m.1403 views

An attacker with Office vulnerability propagation FELIXROOT Backdoor-vulnerability warning-the black bar safety net

! One, the attack event details 2017 9 months, in response to Ukrainian attacks, FireEye found FELIXROOT Backdoor this malicious payload, and feedback to our intelligence perception of the customers. The attack activities using some malicious Ukrainian banks document that contains a macro, used t...

9.3CVSS0.1AI score0.99945EPSS
Exploits62
FireEye
FireEye
added 2018/07/26 10:0 a.m.3086 views

Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign

Campaign Details In September 2017, FireEye identified the FELIXROOT backdoor as a payload in a campaign targeting Ukrainians and reported it to our intelligence customers. The campaign involved malicious Ukrainian bank documents, which contained a macro that downloaded a FELIXROOT payload, being...

9.3CVSS1.7AI score0.99945EPSS
Exploits62
Kitploit
Kitploit
added 2017/09/27 9:12 p.m.307 views

PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)

Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/17 2:12 p.m.44 views

Koadic - COM Command & Control Framework (JScript RAT)

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

7.3AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2017/08/09 3:54 p.m.39 views

Cerber ransomware delivered in format of a different order of Magnitude

As a follow up to our study into the Magnitude exploit kit and its gate which we profiled in a previous blog post, we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2016/04/01 10:17 p.m.48 views

JSRat - Reverse HTTP Shell Using JavaScript

JSRat is a reverse HTTP Shell by using JavaScript. JSRat use rundll32.exe to load the JavaScript code in cmd and a HTTP Shell is returned when the code is executed. The special part is that after running the cmd command, rundll32.exe will remain in the background to continuously connect to the...

7.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/03/05 12:0 a.m.58 views

HP Data Protector 8.10 Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector 8.10 Remote Command Execution', 'Description' = %q This module exploits a remote command execution on HP Data...

10CVSS0.6AI score0.89394EPSS
Exploits20
Metasploit
Metasploit
added 2015/03/04 7:1 p.m.48 views

HP Data Protector 8.10 Remote Command Execution

This module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be executed by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is a strict length limitation on the command, rundll32.exe is executed, and...

10CVSS1.2AI score0.89394EPSS
Exploits20
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Microsoft Windows XP/2000 RunDLL32.EXE Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8114/info rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable application as a routine name for a...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/09/17 3:9 a.m.18 views

[Binrev] Automate Reversing Windows Binaries for Pentesters

What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...

8.6AI score
Exploits0
The Hacker News
The Hacker News
added 2012/01/12 5:49 a.m.15 views

Self-extracting archive (SFX) as Creative Virus Handler

Self-extracting archive SFX as Creative Virus Handler Yesterday I Found and interesting article about "Self-extracting archive SFX" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not al...

7.2AI score
Exploits0
CERT
CERT
added 2010/03/05 12:0 a.m.47 views

Energizer DUO USB battery charger software allows unauthorized remote system access

Overview The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. Description Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been...

9.3CVSS6.5AI score0.27429EPSS
Exploits6References5
myhack58
myhack58
added 2006/08/19 12:0 a.m.49 views

A brush visits to the website of the pony analysis-vulnerability warning-the black bar safety net

Article author: 混世魔王 Information source: evil octal information security team www.eviloctal.com) System patch kick, online blind filling, and actually also in the network of the horse, ay. Now.... Put his net horse down down, 8 wrong, and genuine. Pass to kill 9 8. nt. 2 0 0 0. xp. XP SP2. 2 0 0 ...

0.3AI score
Exploits0
myhack58
myhack58
added 2006/06/18 12:0 a.m.26 views

Dove gray is registered as a system service method-reference for the black hole-vulnerability and early warning-the black bar safety net

A few days ago a pigeon to research registered into the system service method, I don't have pigeons, and found that it is using rundll32 to import an inf to achieve, this should be added a registry key to disable the reg script, disable regedit, are effective? Examples are as follows: Add a...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2003/07/06 12:0 a.m.17 views

Microsoft Windows XP2000 - RunDLL32.exe Local Buffer Overflow

Microsoft Windows XP2000 - RunDLL32.exe Local Buffer Overflow source: https://www.securityfocus.com/bid/8114/info rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable applicati...

Exploits0
Exploit DB
Exploit DB
added 2003/07/06 12:0 a.m.22 views

Microsoft Windows XP/2000 - 'RunDLL32.exe' Local Buffer Overflow

source: https://www.securityfocus.com/bid/8114/info rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable application as a routine name for a module. Exploitation of this issue...

7.4AI score
Exploits0
Rows per page
Query Builder