77 matches found
July 12, 2022—KB5015874 (Monthly Rollup)
July 12, 2022—KB5015874 Monthly Rollup Summary Learn more about this cumulative security update, including improvements, any known issues, and how to get the update. REMINDERWindows 8.1 will reach end of support on January 10, 2023 for all editions, at which point technical assistance and softwar...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to...
Rockwell Automation ISaGRAF
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...
March 22, 2022—KB5011558 (OS Build 20348.617) Preview
March 22, 2022—KB5011558 OS Build 20348.617 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...
September 14, 2021—KB5005575 (OS Build 20348.230)
September 14, 2021—KB5005575 OS Build 20348.230 Improvements and fixes This security update includes quality improvements. Key changes include: Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel. Addresses an...
August 10, 2021—KB5005043 (OS Build 14393.4583) - EXPIRED
August 10, 2021—KB5005043 OS Build 14393.4583 - EXPIRED EXPIRATION NOTICE As of 9/12/2023, KB5005043 is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. --- 7/13/21...
redpill
This is a PowerShell module repository called "redpill" that provides various post-exploitation tools for Windows systems. The repository contains several scripts that can be used to perform different tasks such as: Bypassing AppLocker restrictions Hijacking browser cookies Downloading and...
Microsoft SAFER Bypass Vulnerability
Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...
Rockwell Automation DriveTools SP and Drives AOP
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor : Rockwell Automation Equipment : DriveTools SP and Drives AOP Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability may result in privilege escalation and total loss of device confidentiality,...
Acronis: Arbitrary Files and Folders Deletion vulnerability with Acronis Managed Machine Service
Vulnerability description not provided...
Xeca - PowerShell Payload Generator
xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. Install Firstly ensure that rust is installed, then build the project with the following command: cargo build How It Works 1. Identify and...
Microsoft security advisory: Update to improve AppLocker certificate handling: September 8, 2015
Microsoft security advisory: Update to improve AppLocker certificate handling: September 8, 2015 Summary Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To learn more about the...
AppLocker Policy Bypass
Exploit Title: AppLocker 'Packaged App' Installation Policy Bypass Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: N/A Version: Windows build 18363.535 and below. Tested on: Windows 10 build 17763.253, 18362.295, 18362.35...
SYS.1.2.2.A8
Ziel des Bausteins SYS.1.2.2 ist die Absicherung von Microsoft Windows Server 2012 und Microsoft Windows Server 2012 R2. Die Standard-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...
SYS.2.2.2.A14
Ziel des Bausteins SYS.2.2.2 ist der Schutz von Informationen, die durch und auf Windows 8.1-Clients verarbeiten werden. Die Kern-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
NetProfiler
On .NET 4, the CLSID must be defined via the HKCR\CLSIDGUID\InprocServer32 registry key containing the path to the profiling DLL. On recent versions, the CLR uses the CORPROFILERPATH environment variable to find the DLL – and falls back to using the CLSID if CORPROFILERPATH is not defined. Author...
Applocker Evasion - Microsoft Workflow Compiler
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binaries Microsoft.Workflow.Compiler.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current sourc...
Applocker Evasion - Microsoft .NET Assembly Registration Utility
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binaries RegAsm.exe or RegSvcs.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...
Applocker Evasion - Windows Presentation Foundation Host
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binary PresentationHost.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...
Applocker Evasion - MSBuild
This module will assist you in evading Microsoft Windows Applocker and Software Restriction Policies. This technique utilises the Microsoft signed binary MSBuild.exe to execute user supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...