83 matches found
HTTP Fetch
Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and...
HTTP Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTP Fetch, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an HTTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
HTTP Fetch, Windows shellcode stage, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
AspEmail v5.6.0.2 - Local Privilege Escalation
Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...
CVE-2022-48223
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
PT-2023-15619 · Acuant · Acuant Acufill Sdk
Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: An issue in the Acuant AcuFill SDK allows a standard user to break out of a window running with elevated privileges during SDK installation, resulting in a full SYSTEM command prom...
Acuant AcuFill SDK 代码问题漏洞
Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in the Acuant AcuFill SDK that stems from a call to certutil.exe by the Acuant installer to repair certificates during SDK repai...
Rapid7 Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...
Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...
TChopper - Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine
New technique I have discovered recently and give it a nickname Chop chop to perform lateral movement using windows services display name and WMI by smuggling the malicious binary as base64 chunks and automate the process using the TChopper tool. How it works the tool will get the file you willin...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1744)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...
Self-Propagating Lucifer Malware Targets Windows Systems
Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service DDoS attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of...
CertUtil Qualms: They Came to Drop FOMBs
This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlight...
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at...
How Carbon Black is Prioritizing Living Off the Land Attacks Part 2
What are Living Off the Land LoL Attacks? In recent years, Living off the Land Binaries and Scripts LoLBas have become increasingly popular tools for cybercriminals. These types of attacks leverage native, signed, and often pre-installed applications in malicious ways that their creators never...
February 22, 2018—KB4077525 (OS Build 14393.2097)
February 22, 2018—KB4077525 OS Build 14393.2097 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue that causes Hyper-V VMs that are replicated using Hyper-V Replica or Azure...
Threat Analysis: Recent Attack Technique Attempts to Bypass Whitelisting by Leveraging MS Office Document Macros, MSBuild, Certutil
Carbon Black continues to monitor and track evolving techniques that attackers leverage. Over the last several years, there has been an increase in attackers leveraging open source frameworks and proof of concept POC techniques that are released publically by researchers. A document was recently...