26 matches found
CVE-2022-26122
An insufficient verification of data authenticity vulnerability (CWE-345) in the FortiClient, FortiMail and FortiOS AV engines, versions 6.2.168 and below and 6.4.274 and below, may allow an attacker to bypass the AV engine by manipulating a MIME attachment with junk and pad characters in its base64...
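The Fortinet entry above describes a parser-differential class of bug: the AV engine and the mail client that finally hands the attachment to the user decode the same base64 body differently, so the bytes that get scanned are not the bytes that get delivered. The block below is an added example, not Fortinet's code and not a proof of concept for CVE-2022-26122. It models a strict decoder next to a tolerant one, applies a constructed junk-and-padding manipulation to a constructed attachment, and reports when the two views diverge. The tolerant behaviour it models (drop junk bytes, ignore a stray '=' mid-stream, repair missing trailing padding) is an assumption chosen for illustration, and the function names and sample payload are constructed here.

```python
"""Parser-differential check for base64 MIME bodies: does a strict decoder see the
same bytes as a tolerant one?  Constructed example, not a vendor's engine or a PoC."""
import base64
import binascii
import re

# Anything outside the base64 alphabet: whitespace, '=', control bytes, other junk.
NON_ALPHABET = re.compile(rb"[^A-Za-z0-9+/]")


def unfold(body: bytes) -> bytes:
    """Remove RFC 2045 line folding (CRLF/LF every 76 chars), which any decoder must accept."""
    return body.replace(b"\r\n", b"").replace(b"\n", b"")


def strict_b64decode(body: bytes):
    """Canonical decoder: alphabet characters plus trailing padding only.
    Returns None when the body is not valid base64 (where a scanner might give up)."""
    try:
        return base64.b64decode(unfold(body), validate=True)
    except (binascii.Error, ValueError):
        return None


def lenient_b64decode(body: bytes) -> bytes:
    """Assumed mail-client behaviour: drop junk and mid-stream '=', repair missing
    trailing padding, then decode whatever is left."""
    clean = NON_ALPHABET.sub(b"", body)
    clean += b"=" * (-len(clean) % 4)
    return base64.b64decode(clean)


def parser_differential(body: bytes) -> bool:
    """True when the two decoders disagree: a scanner that trusts the strict view
    would not be scanning the bytes the tolerant client delivers."""
    return strict_b64decode(body) != lenient_b64decode(body)


def mutate(canonical: bytes) -> bytes:
    """Constructed manipulation: a junk byte between every quad, one stray '='
    mid-stream, and the real trailing padding removed.  Each change is invisible
    to the lenient decoder but breaks strict validation."""
    quads = [canonical[i:i + 4] for i in range(0, len(canonical), 4)]
    body = b"@".join(quads)             # junk character between every quad
    body = body.replace(b"@", b"=", 1)  # first separator becomes a stray pad character
    return body.rstrip(b"=")            # drop the genuine trailing padding


def fold(canonical: bytes, width: int = 76) -> bytes:
    """RFC 2045 style line folding for a well-formed body."""
    return b"\r\n".join(canonical[i:i + width] for i in range(0, len(canonical), width))


# Constructed attachment bytes (placeholder text, not real malware); length chosen
# so the canonical encoding needs padding and spans more than one folded line.
PAYLOAD = b"constructed attachment payload, not real malware\n" * 2
CANONICAL = base64.b64encode(PAYLOAD)
CANONICAL_BODY = fold(CANONICAL)
MUTATED_BODY = mutate(CANONICAL)

if __name__ == "__main__":
    for name, body in (("canonical", CANONICAL_BODY), ("mutated", MUTATED_BODY)):
        print(name,
              "strict decodes:", strict_b64decode(body) is not None,
              "lenient==payload:", lenient_b64decode(body) == PAYLOAD,
              "differential:", parser_differential(body))
```

Run as a script, the mutated body still decodes to the original payload under the tolerant decoder while the strict decoder returns None, which is exactly the gap an attachment can slip through. The practical check is to scan the bytes the consuming client will actually produce (decode with the same tolerance the client has, then scan), or to reject bodies that fail strict validation outright, rather than to assume the two decoders agree.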
Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows
Complete arsenal of memory injection and other techniques for red-teaming in Windows. What does Injector do? Process injection support for shellcode located on a remote server as well as in local storage. Just specify the shellcode file and it will do the rest. By default it injects into notepad.ex...
CVE-2021-26718
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection...
CVE-2021-26718
CVE-2021-26718 concerns Kaspersky Internet Security (KIS) for macOS where AV bypass could occur via an XPC service. Public details describe an improper client verification in the system extension’s XPC communication (IPCService) that allowed a normal user to interact with the XPC service, inject ...
Kaspersky: [Fixed] KIS for macOS is vulnerable to AV bypass due to improper client authorization on XPC service
Note! Thank you for your report. For the purposes of further analysis of the vulnerability that you kindly reported to us, could you please fill in all fields in square brackets? This information will help us respond to you more quickly and triage your report. Thanks a lot for your assistance...
GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More
This malware uses some techniques to try to bypass AVs, VMs, and sandboxes, with the sole purpose of learning more. I'm not responsible for your actions. Bypass Techniques: Anti-Debugger. To try to bypass debuggers, I'm using "IsDebuggerPresent" from the "Windows.h" library to check if a...
Node.js: loader.js is not secure
Summary: Node.js loader.js can be exploited by an attacker. The vulnerability: https://github.com/nodejs/node/blob/a33c3c6d33fa81fa59a5aa95246d7f599e6abdd3/lib/internal/modules/cjs/loader.js#L892 Module.initPaths = function() { var homeDir; var nodePath; if (isWindows) homeDir = process.env.USERPROFILE...
Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel
As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus (AV) bypass and detection avoidance is often trivial in all but the most mature environments,...
Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched
Salsa Tools is a collection of three different tools that, combined, allow you to get a reverse shell on steroids in any Windows environment without even needing PowerShell for its execution. In order to avoid the latest detection techniques (AMSI), most of the components were initially written in...
Sql injection
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass...
CVE-2018-12238
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass...
CVE-2018-12239
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass...
CVE-2018-12238
CVE-2018-12238 is an AV bypass affecting Norton/Symantec endpoint products. Affected include Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 and 14.2; SEP SBE prior to NIS-22.15.1.8 and SEP-12.1.7454.7000; and SEP Cloud prior to 22.15.1. The issue enables evading...
CVE-2018-12239
CVE-2018-12239 affects Norton 22.15 and certain Symantec Endpoint Protection (SEP) lines prior to 12.1.7454.7000 and 14.2, SEP SBE prior to NIS-22.15.1.8/SEP-12.1.7454.7000, and SEP Cloud prior to 22.15.1. The issue is an AV bypass vulnerability where one antivirus engine relies on a signature da...
SEP Multiple Issues
SUMMARY: Symantec has released updates to address issues that were discovered in the Norton, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products. AFFECTED PRODUCTS: Norton. CVE | Affected Versions...
Dr0p1t-Framework 1.3.2.1 - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard of trojan droppers? In short, a dropper is a type of malware that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks. Features: + Generated executable properties: the executable size is smaller...
Script Web Delivery
This module quickly fires up a web server that serves a payload. The module will provide a command to be run on the target machine based on the selected target. The provided command will download and execute a payload using either a specified scripting language interpreter or "squiblydoo" via...
Dr0p1t Framework 1.3 - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard of trojan droppers? In short, a dropper is a type of trojan that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks! Features: Generated executable properties: the executable size is smaller compar...