162 matches found
Microsoft OneNote Used To Sidestep Phishing Detection
A phishing campaign was recently discovered leveraging OneNote, Microsoft’s digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims’ systems. The attacker was utilizing OneNote as a way to easily experiment with various lures that...
Persistence – Modify Existing Service
It is not uncommon for APT Groups to modify an existing service on the compromised host in order to execute an arbitrary payload when the… Continue reading - Persistence - Modify Existing Service...
CVE-2018-5409
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the...
Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files
This tool allows one to recover old RDP mstsc session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an...
CVE-2018-12332
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset...
Input validation
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset...
CVE-2018-12332
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset...
Recent Python Meterpreter Improvements
The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...
Multi Manage Network Route via Meterpreter Session
This module manages session routing via an existing Meterpreter session. It enables other modules to 'pivot' through a compromised host when connecting to the named NETWORK and SUBMASK. Autoadd will search a session for valid subnets from the routing table and interface list then add routes to...
Logrhythm Network Monitor Multiple Vulnerabilities
Logrhythm Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD -- rtsold(8) remote buffer overflow vulnerability
Problem Description: Due to a missing length check in the code that handles DNS parameters, a malformed router advertisement message can result in a stack buffer overflow in rtsold8. Impact: Receipt of a router advertisement message with a malformed DNSSL option, for instance from a compromised...
PHP JavaScript Website Redirection
A website redirection vulnerability has been reported in PHP. A remote attacker can exploit this vulnerability to load and run a malicious file served from a second compromised host...
SOL11719 - Mitigating risk from SSH brute force login attacks
Vulnerability Description F5 products and versions that are affected by this Security Advisory F5 Product Development has determined that all products and versions are affected by the issue described in this security advisory. Note: For information about signing up to receive security notice...
SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow
The remote host is running Alt-N's SecurityGateway for Exchange/SMTP, an email spam firewall for Exchange and SMTP servers. The version of SecurityGateway installed on the remote host is earlier than 1.0.2. Such versions are reportedly affected by a buffer overflow that can be triggered using a...
activePDF Server < 3.8.6 Packet Handling Remote Overflow
activePDF Server is installed on the remote host. It is used to provide PDF generation and conversion from within enterprise and web applications. The version of activePDF Server installed on the remote host contains a heap-based buffer overflow that can be triggered by sending a packet specifyin...
URCS Server Detection
This host appears to be running URCS Server. Unmanarc Remote Control Server can be used/installed silent as a SPDX-FileCopyrightText: 2005 J.Mlodzianowski Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
IRC Bot Detection
This host seems to be running an ident server, but before any request is sent, the server gives an answer about a connection to port 6667. It is very likely this system has been compromised by an IRC bot and is now a 'zombie' that can participate in 'distributed denial of service' DDoS attacks...
IRC Bot ident Server Detection
This host seems to be running an ident server, but the ident server responds to an empty query with a random userid. This behavior may be indicative of an IRC bot, worm and/or virus infection. It is very likely this system has been compromised. IRC bot ident server detection Created: 9/22/04 Last...
Wollf Backdoor Detection
This host appears to be running Wollf on this port. Wollf Can be used as a Backdoor which allows an intruder gain remote access to files on your computer. If you did not install this program for remote management then this host may be compromised. An attacker may use it to steal your passwords, o...
Bugbear.B Worm Detection
The BugBear.B backdoor appears to be listening on this port. An attacker may connect to it to retrieve secret information such as passwords, credit card numbers, etc. The BugBear.B worm includes a keylogger and can kill antivirus and firewall software. It propagates through email and open Windows...