89 matches found
Noriben - Your Personal, Portable Malware Sandbox
Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...
Sysmon v2.0 - System Activity Monitor for Windows
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to...
Microsoft Windows Authenticated Administration Utility
This module uses a valid administrator username and password to execute an arbitrary command on one or more hosts, using a technique similar to the "psexec" utility provided by SysInternals. Daisy chaining commands with '&' does not work and users shouldn't try it. This module is useful because...
SysExporter - Grab data from list-view, tree-view, combo box, WebBrowser control, and text-box
The SysExporter utility allows you to grab the data stored in standard list-views, tree-views, list boxes, combo boxes, text-boxes, and WebBrowser/HTML controls from almost any application running on your system, and export it to a text, HTML or XML file. Here are some examples of data that you can expo...
Microsoft Windows Authenticated User Code Execution
No description provided by source. $Id: psexec.rb 11204 2010-12-02 17:29:26Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Sysinternals Regmon 6.11 Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel...
Microsoft's Process Explorer added VirusTotal Multi-Antivirus Scanner support
Process Explorer, a part of Microsoft's Sysinternals suite of applications, is an alternate task manager for Windows that offers far more features than the 'on-board' one. Microsoft's Windows Sysinternals Suite has released the latest version of Process Explorer, v16.0, that has an awesome feature whic...
Microsoft Windows Authenticated Powershell Command Execution
This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payloa...
Microsoft Windows Authenticated Powershell Command Execution
-- coding: binary -- This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/powershel...
Microsoft Windows Authenticated Powershell Command Execution
This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method,...
Microsoft Windows Authenticated Logged In Users Enumeration
This module uses a valid administrator username and password to enumerate users currently logged in, using a technique similar to the "psexec" utility provided by SysInternals. It uses reg.exe to query the HKU base registry key. This module requires Metasploit: https://metasploit.com/download...
Sysinternals Process Explorer DLL Hijack
/ Exploit Title: Sysinternals Process Explorer DLL Hijacking on x86 Windows systems wow64cpu.dll Date: 27 Aug 2010 Author: miom Software Link: http://technet.microsoft.com/sysinternals/bb896653.aspx Version: Process Explorer v12.04 Tested on: Windows XP SP3 x86 This exploit targets x86 Windows...
smb-psexec NSE Script
Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a backdoor on a...
PsTools in the penetration of little application-vulnerability warning-the black bar safety net
Author:zero soulzerosoul Blog: Recent bad luck, take down a network, Server area all not even outside, no rally socks out, cause penetration of the network within other segments of the time very hard. One of the MSSQL and Web are separated, the server although the take down, but sometimes up to...
Powerful HA1 through Microsoft signatures-vulnerability and early warning-the black bar safety net
No HOOK, do not replace the file, get to a clean system to check the signature, too All the tools are the same as Microsoft, SRE, sysinternals, large into the Directly display the signature of the publisher is Microsoft Windows Publisher Points come in to see the big picture Technology is too...
Design/Logic Flaw
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...
CVE-2007-4223
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors...
CVE-2007-4223
CVE-2007-4223 concerns the Microsoft Sysinternals DebugView driver Dbgv.sys. Before version 4.72, the kernel module exposes a mechanism that can copy user-supplied data into kernel memory, enabling local privilege escalation. The vulnerability requires the DebugView driver to be loaded (e.g., by ...
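Microsoft DebugView Dbgv.sys Kernel Module Local Privilege Escalation Vulnerability
BUGTRAQ ID: 26359 CVECAN ID: CVE-2007-4223 DebugView allows users to monitor debug output on the local system or on computers on the network that are reachable over TCP/IP. Functionality in the Dbgv.sys kernel module loaded by DebugView may allow user-supplied data to be copied to a controllable address in the kernel, so that a malicious user can inject arbitrary code into the running kernel. To exploit this vulnerability, an administrator must load DebugView so that the Dbgv.sys driver is loaded into the kernel; after that, all users can access the vulnerable kernel module until the system is rebooted. Microsoft DebugView 4.64...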
KLA10263 LPE vulnerability in DebugView
An unspecified vulnerability was found in DebugView. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally at an unknown point. Original advisories - Related products Microsoft-DebugView CVE list CVE-2007-4223 critical Solution Update to...