89 matches found

Cvelist
added 2021/02/25 11:1 p.m. · 13 views

CVE-2021-1733 Sysinternals PsExec Elevation of Privilege Vulnerability

...

7.8 CVSS · 8.1 AI score · 0.00322 EPSS
Exploits 0 · References 1
CVE
added 2021/02/25 11:1 p.m. · 134 views

CVE-2021-1733

CVE-2021-1733 corresponds to Sysinternals PsExec Elevation of Privilege. Connected data confirm a local privilege escalation: PsExec contains a security restrictions bypass that allows a local user (non-admin) to escalate to SYSTEM by abusing PsExec. CVSS data from NVD/Microsoft indicate LOCAL at...

7.8 CVSS · 7.7 AI score · 0.00322 EPSS
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2021/02/18 12:0 a.m. · 340 views

Sysinternals PsExec Elevation of Privilege (CVE-2021-1733)

An elevation of privilege vulnerability exists in Sysinternals PsExec due to the application not properly imposing security restrictions in PsExec, which leads to a security restrictions bypass and privilege escalation. It is possible for a local attacker who is authenticated as a non-admin user ...

7.8 CVSS · 7.5 AI score · 0.00322 EPSS
Exploits 0 · References 3
Microsoft CVE
added 2021/02/09 8:0 a.m. · 153 views

Sysinternals PsExec Elevation of Privilege Vulnerability

...

7.8 CVSS · 8.3 AI score · 0.00322 EPSS
Exploits 0
Positive Technologies
added 2021/02/09 12:0 a.m. · 2 views

PT-2021-2072 · Sysinternals · Psexec

Name of the Vulnerable Software and Affected Versions: Sysinternals PsExec (affected versions not specified). Description: The issue is related to errors in privilege management in the PsExec utility for remote command execution. Exploitation of this issue may allow an attacker to elevate their...

7.8 CVSS · 8.1 AI score · 0.00322 EPSS
Exploits 0 · References 7
Kaspersky
added 2021/02/09 12:0 a.m. · 78 views

KLA12073 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET Core can be...

9.8 CVSS · 9.9 AI score · 0.24574 EPSS
Exploits 2 · References 27
CNNVD
added 2021/02/09 12:0 a.m. · 3 views

Microsoft Sysinternals PsExec Security Feature Issue Vulnerability

Microsoft SysInternals is a Microsoft company created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you are an IT professional or a developer, you will find that Sysinternals utilities can help you manage, troubleshoot, and diagnose your...

7.8 CVSS · 7.2 AI score · 0.00322 EPSS
Exploits 0 · References 3
Pen Test Partners Blog
added 2020/10/01 5:39 a.m. · 134 views

DLL Hijacking in NVIDIA SMI

What is NVIDIA SMI? The NVIDIA System Management Interface nvidia-smi is a command line utility, based on top of the NVIDIA Management Library NVML, intended to aid in the management and monitoring of NVIDIA GPU devices. This utility allows administrators to query GPU device state and with the...

4.6 CVSS · 2.9 AI score · 0.00057 EPSS
Exploits 0
Microsoft Secure
added 2020/06/11 5:0 p.m. · 65 views

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

In September 2019, MITRE evaluated Microsoft Threat Protection MTP and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM APT29. Aft...

6.8 AI score
Exploits 0
The Hacker News
added 2019/03/29 12:27 p.m. · 113 views

Commando VM — Turn Your Windows Computer Into A Hacking Machine

FireEye today released Commando VM, which according to the company, is a "first of its kind Windows-based security distribution for penetration testing and red teaming." When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and...

1.5 AI score
Exploits 0
myhack58
added 2018/12/10 12:0 a.m. · 120 views

How to tap the RPC vulnerability, Part 1-the vulnerability warning-the black bar safety net

1. Foreword: In late August 2018, a researcher (SandboxEscaper) disclosed a Windows local privilege escalation 0-day vulnerability. Less than two weeks after it was made public on the Internet, the vulnerability was already being used in malware attacks (see the article published by ESET). This...

0.2 AI score
Exploits 0
n0where
added 2018/11/21 1:2 a.m. · 144 views

ProcDump Sysinternals Tool for Linux

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Requirements Minimum OS: Red Hat Enterprise Linux / CentO...

0.1 AI score
Exploits 0 · References 1
n0where
added 2018/08/22 5:9 p.m. · 17 views

Ring 0 Army Knife: r0ak

r0ak is a Windows command-line utility that enables you to easily read, write, and execute kernel-mode code with some limitations from the command prompt, without requiring anything else other than Administrator privileges. Motivation The Windows kernel is a rich environment in which hundreds of...

7.5 AI score
Exploits 0 · References 1
Kitploit
added 2018/06/05 2:11 p.m. · 43 views

DARKSURGEON - A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

6.8 AI score
Exploits 0 · References 3
Kitploit
added 2018/04/28 9:34 p.m. · 37 views

RTA - Framework Designed To Test The Detection Capabilities Against Malicious Tradecraft

RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. RTA is composed of python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application th...

7.2 AI score
Exploits 0 · References 1
Carbon Black Blog
added 2017/06/28 7:3 p.m. · 54 views

Carbon Black Threat Research Technical Analysis: Petya / NotPetya Ransomware

On June 27, public announcements were made about a large-scale campaign of ransomware attacks across Europe. The ransomware impacted notable industries such as Maersk, the world’s largest container shipping company. The initial infection vector appears to be the exploitation of a Ukrainian tax...

7.8 AI score
Exploits 0
n0where
added 2016/12/24 6:28 a.m. · 25 views

Portable Malware Analysis Sandbox: Noriben

Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...

7.6 AI score
Exploits 0 · References 1
Kitploit
added 2016/12/23 2:7 p.m. · 16 views

Noriben - Portable, Simple, Malware Analysis Sandbox

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...

7.6 AI score
Exploits 0 · References 1
Metasploit
added 2016/07/12 4:14 p.m. · 70 views

Microsoft Windows Authenticated User Code Execution

This module uses a valid administrator username and password or password hash to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name an...

7.5 CVSS · 6.9 AI score · 0.39474 EPSS
Exploits 13
Kitploit
added 2016/07/08 10:13 p.m. · 19 views

AntiRansom - Fighting against Ransomware using Honeypots

AntiRansom is a tool capable of detecting and stopping ransomware attacks using honeypots. First, AntiRansom creates a random decoy folder with many useless random documents (Excel, PDF) and then it monitors the folder, waiting for changes. When a change is detected, AntiRansom tries to identify which...

7.6 AI score
Exploits 0