16 matches found
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a...
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated research institute that started as early as July 2023, delivering the ShadowPad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim...
Windows unmarshal post exploitation
This module exploits a local privilege escalation bug which exists in microsoft COM for windows when it fails to properly handle serialized objects. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
Immunity Canvas: UNMARSHAL_TO_SYSTEM
Name| unmarshaltosystem ---|--- CVE| CVE-2018-0824 Exploit Pack| CANVAS Description| CVE-2018-0824 QC Marshal Interceptor Insecure COM Unmarshal LPE Notes| CVE Name: CVE-2018-0824 VENDOR: Microsoft Notes: Tested against: --------------- Windows 7 x86 - NOT VULNERABLE Windows Server 2016 - NOT...
Microsoft COM for Windows - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exis...
Microsoft COM for Windows - Privilege Escalation
Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
CVE-2018-0824
creationtimestamp| type| source ---|---|--- 2018-06-15 22:35:54+00:00| seen| https://t.me/canyoupwnme/3973 2018-10-25 18:31:34+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/escalate/unmarshalcmdexec.rb 2024-08-02 14:37:18+00:00| exploited|...
CVE-2018-0824
CVE-2018-0824 is a Microsoft Windows remote code execution vulnerability in the COM subsystem due to improper handling of serialized objects. Public writeups and advisories summarize that a specially crafted file or script can trigger code execution, with potential remote impact when users open o...
CVE-2018-0824
A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...
Microsoft Windows Multiple Vulnerabilities (KB4103723)
This host is missing a critical security update according to Microsoft KB4103723 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4103718)
This host is missing a critical security update according to Microsoft KB4103718 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4103725)
This host is missing a critical security update according to Microsoft KB4103725 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4103731)
This host is missing a critical security update according to Microsoft KB4103731 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KB4103731: Windows 10 Version 1703 May 2018 Security Update
The remote Windows host is missing security update 4103731. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...
Microsoft Windows CVE-2018-0824 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affecte...
KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update
The remote Windows host is missing security update 4103721. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...