GHSA-CPMJ-H4F6-R6PQ Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)

Summary A security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when...

July 24, 2018—KB4338827 (OS Build 15063.1235)

July 24, 2018—KB4338827 OS Build 15063.1235 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Changes the music metadata servi...

Ophcrack - A Windows Password Cracker Based On Rainbow Tables

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. Features: Runs on Windows, Linux/Unix, Mac OS X, ... Cracks LM...

Microsoft Windows: Untrusted Font Blocking

This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If...

June 21, 2018—KB4284833 (OS Build 14393.2339)

June 21, 2018—KB4284833 OS Build 14393.2339 Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats.To continue receivin...

January 17, 2018—KB4057144 (OS Build 15063.877)

January 17, 2018—KB4057144 OS Build 15063.877 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where some customers on a small subset of older AMD processors get into an...

LUNAR - Lockdown UNix Auditing and Reporting

A UNIX security auditing tool based on several security frameworks Introduction This scripts generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation. Why a...

Microsoft SQL Server Configuration Enumerator

This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be supplied. This module requires Metasploit: https://metasploit.com/download Current source:...