78 matches found
Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads...
Description of the security update for SharePoint Server 2019 Language Pack: October 14, 2025 (KB5002798)
Description of the security update for SharePoint Server 2019 Language Pack: October 14, 2025 KB5002798 Summary Important: If you're running 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update. I...
EUVD-2023-44309
Malicious code in bioql PyPI...
Ninja
This is an open-source C2 server created for stealth red team operations, specifically designed to bypass AMSI Advanced Threat and Malware Protection and other security measures. The server is written in PowerShell and utilizes various modules to achieve its goals. The server includes several...
Description of the security update for SharePoint Server 2019: September 09, 2025 (KB5002775)
Description of the security update for SharePoint Server 2019: September 09, 2025 KB5002775 Summary Important: Prior to installing this cumulative update, if you're running the 2013-style workflows, you must install the August 2025 patch for SharePoint Workflow Manager to your farm...
MAL-2025-32393 Malicious code in romeo-november-amsi (npm)
The package romeo-november-amsi was found to contain malicious code...
Exploit for Deserialization of Untrusted Data in Microsoft
ZeroPoint.ps1 ⚠ A defensive PowerShell utility to detect an...
A Bag of RATs: VenomRAT vs. AsyncRAT
Introduction Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT. These are open-sourc...
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 OS Build 25398.950 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 (KB5002604)
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2024 KB5002604 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment...
BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes
Little AV/EDR Evasion Lab for training & learning purposes. Under construction...
LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW
LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, XOR-encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...
CVE-2023-3665
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code...
Description of the security update for SharePoint Enterprise Server 2016: September 12, 2023 (KB5002494)
Description of the security update for SharePoint Enterprise Server 2016: September 12, 2023 KB5002494 Summary This security update resolves a Microsoft Word remote code execution vulnerability and Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the...
Description of the security update for SharePoint Server 2019: September 12, 2023 (KB5002472)
Description of the security update for SharePoint Server 2019: September 12, 2023 KB5002472 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: September 12, 2023 (KB5002501)
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: September 12, 2023 KB5002501 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposure...
Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#
Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...