CVE-2023-29343
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability...
Privilege escalation
CVE-2023-29343 is a confirmed elevation of privilege vulnerability in Microsoft Sysinternals Sysmon for Windows (Sysmon 14.14 affected per PoC). The provided PoC describes an arbitrary file write vulnerability arising from insufficient access restrictions in the Sysmon Windows service: if an Arch...
CVE-2023-29343 SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
Microsoft SysInternals security vulnerability
Sysinternals was founded in 1996 by Mark Russinovich (with Bryce Cogswell) to host his advanced system utilities and technical information, and was acquired by Microsoft in 2006. Whether you are an IT professional or a developer, you will find that Sysinternals utilities can help you manage, troubleshoot, and diagnose your...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer Tools. In order to exploit the vulnerabilities, the malicious party must have local access to the development environment.

SysInternals:

| CVE-ID | CVSS | Impact |
|--------|------|--------|
...
Security Update for SysInternals Sysmon (May 2023)
The SysInternals Sysmon application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2023-29343 Note that Nessus has not...
Spartacus - DLL Hijacking Discovery Tool
Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are asking for Spartacus to give himself up. The moment the real Spartacus stood up, a lot of others stood up as well and claimed to be him using the "I AM SPARTACUS" phrase. When a proces...
Microsoft Windows Sysinternals Sysmon < 14.13 Elevation of Privilege (November 2022)
An elevation of privilege vulnerability exists in Microsoft Windows Sysinternals Sysmon prior to 14.13. A locally authenticated attacker who successfully exploited the vulnerability could manipulate information on the Sysinternals services to achieve elevation from local user to SYSTEM admin. Not...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in the various Developer Tools. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage:
- Circumvention of security measures
- Remote code execution
- User rights
- Increased user privileges
The vulnerability in...
Security Updates for Sysinternals Sysmon (December 2022)
The Sysinternals Sysmon installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-44704 ...
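The two Nessus descriptions above (Sysmon < 14.13 for CVE-2022-44704, and the May 2023 update for CVE-2023-29343) both reduce to a version check of the installed Sysmon binary. The script below is an added example, not code from Tenable or Sysinternals: it locates the Sysmon service, reads the binary's file version, and compares it with a table of fixed versions. The only fixed version taken from this page is 14.13 for CVE-2022-44704; the service names `Sysmon`/`Sysmon64`, the fallback on the service description "System Monitor service", and the caller-supplied fixed version for CVE-2023-29343 are assumptions, since the search results only say that 14.14 is affected.

```powershell
# Added example (not Nessus or Sysinternals code): flag an installed Sysmon that is
# older than the versions in which the advisories above say the bugs were fixed.
# Assumptions: the service is named Sysmon or Sysmon64 (the default when installed
# with "sysmon -i"); if the binary was renamed, fall back to the service description
# "System Monitor service". 14.13 (CVE-2022-44704) comes from the advisory above; the
# CVE-2023-29343 fixed version is NOT on this page and must be passed in by the caller.

function Get-SysmonBinaryPath {
    # The service's PathName points at the installed copy of the Sysmon executable.
    $candidates = foreach ($name in 'Sysmon64', 'Sysmon') {
        Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    }
    if (-not $candidates) {
        # Fallback for renamed binaries (assumption: description is unchanged on rename).
        $candidates = Get-CimInstance -ClassName Win32_Service `
            -Filter "Description='System Monitor service'" -ErrorAction SilentlyContinue
    }
    foreach ($svc in $candidates) {
        if ($svc.PathName) {
            # Strip surrounding quotes and any trailing arguments; keep only the .exe path.
            $p = $svc.PathName -replace '^"([^"]+)".*$', '$1'
            return ($p -replace '^(\S+\.exe).*$', '$1')
        }
    }
    return $null
}

function Get-SysmonInstalledVersion {
    param([Parameter(Mandatory)][string]$Path)
    # Sysmon reports its release as major.minor in the PE version resource.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    return [version]"$($vi.FileMajorPart).$($vi.FileMinorPart)"
}

function Test-SysmonVulnerable {
    param(
        [Parameter(Mandatory)][version]$Installed,
        # Fixed-version table; only CVE-2022-44704 is sourced from this page.
        [hashtable]$FixedIn = @{ 'CVE-2022-44704' = [version]'14.13' }
    )
    foreach ($cve in $FixedIn.Keys) {
        [pscustomobject]@{
            CVE        = $cve
            FixedIn    = $FixedIn[$cve]
            Installed  = $Installed
            Vulnerable = ($Installed -lt $FixedIn[$cve])
        }
    }
}

$path = Get-SysmonBinaryPath
if (-not $path) {
    Write-Warning 'Sysmon service not found; nothing to check.'
    return
}
$installed = Get-SysmonInstalledVersion -Path $path

# Add the CVE-2023-29343 fixed version here once confirmed from the vendor release notes
# (hypothetical placeholder value; not stated on this page):
$table = @{
    'CVE-2022-44704' = [version]'14.13'
    # 'CVE-2023-29343' = [version]'<fixed version>'
}
Test-SysmonVulnerable -Installed $installed -FixedIn $table | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the host being assessed; `Win32_Service.PathName` is readable by standard users, but reading the binary's version resource from `C:\Windows` may be restricted on hardened images. Comparing `[version]` objects rather than strings avoids the classic "14.9" > "14.13" ordering bug.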
Whids - Open Source EDR For Windows
What: an EDR with artifact collection driven by detection. The detection engine is built on top of a previous project, Gene, specially designed to match Windows events against user-defined rules. What do you mean by "artifact collection driven by detection"? It means that an alert can directly trigger...
PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines
PersistenceSniper is a PowerShell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistence mechanisms implanted in Windows machines. The script is also available on the PowerShell Gallery. --- The Why Why write such a tool, you might ask. Well, for starters, I...
How To Get A Memory Dump From A PVS Target Device
When troubleshooting Provisioning Services target device problems, gathering a memory dump may be required. In some cases a kernel dump is sufficient to identify the problem. In other cases a full system dump may be unavoidable and necessary. Once your vDisk registry has been updated you can now wait for...
IRTriage - Incident Response Triage - Windows Evidence Collection For Forensic Analysis
Scripted collection of system information valuable to a forensic analyst. IRTriage will automatically "Run As ADMINISTRATOR" in all Windows versions except WinXP. The original source was Triage-ir v0.851, an AutoIt script written by Michael Ahrendt. Unfortunately Michael's last changes were posted...
CVE-2021-1733
Sysinternals PsExec Elevation of Privilege Vulnerability...
Privilege escalation
CVE-2021-1733 is the Sysinternals PsExec Elevation of Privilege vulnerability. The linked data confirm a local privilege escalation: PsExec contains a security-restrictions bypass that allows a non-admin local user to escalate to SYSTEM by abusing PsExec. CVSS data from NVD/Microsoft indicate LOCAL at...