78 matches found
Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads...
Description of the security update for SharePoint Server 2019 Language Pack: October 14, 2025 (KB5002798)
None None...
EUVD-2023-44309
Malicious code in bioql PyPI...
Ninja
This is an open-source C2 server created for stealth red team operations, specifically designed to bypass AMSI Advanced Threat and Malware Protection and other security measures. The server is written in PowerShell and utilizes various modules to achieve its goals. The server includes several...
Description of the security update for SharePoint Server 2019: September 9, 2025 (KB5002775)
None None...
Malicious code in romeo-november-amsi (npm)
The package romeo-november-amsi was found to contain malicious code...
MAL-2025-32393 Malicious code in romeo-november-amsi (npm)
The package romeo-november-amsi was found to contain malicious code...
Exploit for Deserialization of Untrusted Data in Microsoft
ZeroPoint.ps1 ⚠ A defensive PowerShell utility to detect an...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction Remote access tools RATs have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
June 11, 2024—KB5039236 (OS Build 25398.950)
None None...
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604)
None None...
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...
BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes
Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction.. | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...
CVE-2023-3665
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code...
CVE-2023-3665
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code...
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: September 12, 2023 (KB5002501)
None None...
Description of the security update for SharePoint Server 2019: September 12, 2023 (KB5002472)
None None...
Description of the security update for SharePoint Enterprise Server 2016: September 12, 2023 (KB5002494)
None None...
Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#
Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...